Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Required

Privileges Required

None

Attack Vector

Network

0

CVE-2013-1675

Disclosure Date: May 16, 2013 •

CVE-2013-1675 CVSS v3 Base Score: 6.5

Exploited in the Wild

Reported by gwillcox-r7
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

Products

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: March 07, 2022 5:45pm UTC (2 years ago)

References

Canonical

CVE-2013-1675 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675)

BID-59858 (http://www.securityfocus.com/bid/59858)

Advisory

DSA-2699 (http://www.debian.org/security/2013/dsa-2699)

http://www.mandriva.com/security/advisories?name=MDVSA-2013:165

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html

https://bugzilla.mozilla.org/show_bug.cgi?id=866825

USN-1823-1 (http://www.ubuntu.com/usn/USN-1823-1)

http://rhn.redhat.com/errata/RHSA-2013-0821.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html

http://www.mozilla.org/security/announce/2013/mfsa2013-47.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html

http://rhn.redhat.com/errata/RHSA-2013-0820.html

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html

USN-1822-1 (http://www.ubuntu.com/usn/USN-1822-1)

Rapid7

Technical Analysis