CVE-2013-1690 vulnerability in Mozilla and Other Products
Published on June 26, 2013

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

Vulnerability Analysis

CVE-2013-1690 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Products Associated with CVE-2013-1690

You can be notified by stack.watch whenever vulnerabilities like CVE-2013-1690 are published in these products:

Mozilla Thunderbird Esr

  Watch

 

Mozilla Thunderbird

  Watch

 

Mozilla FireFox Extended Support Release (ESR)

  Watch

 

Mozilla Firefox

  Watch

 

Canonical Ubuntu Linux

  Watch

 

Debian Linux

  Watch

 

Red Hat Enterprise Linux Server

  Watch

 

Red Hat Enterprise Linux Workstation

  Watch

 

Red Hat Enterprise Linux Server Aus

  Watch

 

Red Hat Enterprise Linux Desktop

  Watch

 

Red Hat Enterprise Linux Eus

  Watch

 

Red Hat Gluster Storage Server On Premise

  Watch

 

Suse Linux Enterprise Desktop

  Watch

 

Suse Linux Enterprise Server

  Watch

 

OpenSuse

  Watch

 

Suse Linux Enterprise Software Development Kit

  Watch

 

What versions are vulnerable to CVE-2013-1690?

•   Mozilla Thunderbird Esr Version 17.0 Fixed in Version 17.0.7
•   Mozilla Thunderbird Fixed in Version 17.0.7
•   Mozilla Firefox Fixed in Version 22.0
•   Mozilla Firefox Version 17.0 Fixed in Version 17.0.7

•   Canonical Ubuntu Linux Version 13.04
•   Canonical Ubuntu Linux Version 12.10
•   Canonical Ubuntu Linux Version 12.04

•   Debian Linux Version 7.0

•   Red Hat Enterprise Linux Server Version 5.0
•   Red Hat Enterprise Linux Workstation Version 5.0
•   Red Hat Enterprise Linux Server Aus Version 6.4
•   Red Hat Enterprise Linux Desktop Version 6.0
•   Red Hat Enterprise Linux Server Version 6.0
•   Red Hat Enterprise Linux Workstation Version 6.0
•   Red Hat Enterprise Linux Desktop Version 5.0
•   Red Hat Enterprise Linux Server Aus Version 5.9
•   Red Hat Enterprise Linux Eus Version 5.9
•   Red Hat Enterprise Linux Eus Version 6.4
•   Red Hat Gluster Storage Server On Premise Version 2.0

•   Suse Linux Enterprise Desktop Version 11 sp3
•   Suse Linux Enterprise Server Version 11 sp3 vmware
•   OpenSuse Version 12.3
•   Suse Linux Enterprise Desktop Version 11 sp2
•   Suse Linux Enterprise Software Development Kit Version 11 sp3
•   OpenSuse Version 11.4
•   OpenSuse Version 12.2
•   Suse Linux Enterprise Server Version 11 sp2 vmware
•   Suse Linux Enterprise Server Version 11 sp2 -
•   Suse Linux Enterprise Software Development Kit Version 10 sp4
•   Suse Linux Enterprise Server Version 11 sp3 -
•   Suse Linux Enterprise Desktop Version 10 sp4
•   Suse Linux Enterprise Server Version 10 sp4
•   Suse Linux Enterprise Server Version 11 sp1 vmware
•   Suse Linux Enterprise Server Version 11 sp1 -