Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2013-5613

Disclosure Date: December 11, 2013
CVE-2013-5613 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2013-5613 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613)
Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-114.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html
https://bugzilla.mozilla.org/show_bug.cgi?id=930381
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
FEDORA-2013-23127 (http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html)
FEDORA-2013-23519 (http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html)
SECTRACK-1029470 (http://www.securitytracker.com/id/1029470)
https://bugzilla.mozilla.org/show_bug.cgi?id=932449
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
GLSA-201504-01 (https://security.gentoo.org/glsa/201504-01)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
SECTRACK-1029476 (http://www.securitytracker.com/id/1029476)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
FEDORA-2013-23291 (http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html)
USN-2052-1 (http://www.ubuntu.com/usn/USN-2052-1)
http://rhn.redhat.com/errata/RHSA-2013-1812.html
USN-2053-1 (http://www.ubuntu.com/usn/USN-2053-1)
FEDORA-2013-23295 (http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis