[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-1674Date: (C)2013-05-16   (M)2024-03-27


Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-59859
DSA-2699
IAVM:2013-A-0109
MDVSA-2013:165
RHSA-2013:0820
RHSA-2013:0821
USN-1822-1
USN-1823-1
http://www.mozilla.org/security/announce/2013/mfsa2013-46.html
https://bugzilla.mozilla.org/show_bug.cgi?id=860971
openSUSE-SU-2013:0825
openSUSE-SU-2013:0831
openSUSE-SU-2013:0834
openSUSE-SU-2013:0929
openSUSE-SU-2013:0946
oval:org.mitre.oval:def:17147

CPE    23
cpe:/a:mozilla:firefox_esr:17.0
cpe:/a:mozilla:firefox:20.0.1
cpe:/a:mozilla:firefox:19.0
cpe:/a:mozilla:thunderbird:17.0
...
CWE    1
CWE-399
OVAL    22
oval:org.secpod.oval:def:11220
oval:org.secpod.oval:def:11221
oval:org.secpod.oval:def:400540
oval:org.secpod.oval:def:601045
...

© SecPod Technologies