{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-25T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "USN-1890-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1890-1"}, {"name": "RHSA-2013:0982", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"}, {"name": "SUSE-SU-2013:1153", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"}, {"name": "SUSE-SU-2013:1152", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html"}, {"name": "RHSA-2013:0981", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"}, {"name": "USN-1891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1891-1"}, {"name": "openSUSE-SU-2013:1141", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"}, {"name": "DSA-2716", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2716"}, {"name": "oval:org.mitre.oval:def:16996", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996"}, {"name": "openSUSE-SU-2013:1142", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"}, {"name": "openSUSE-SU-2013:1140", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"}, {"name": "DSA-2720", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2720"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365"}, {"name": "60778", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/60778"}, {"name": "openSUSE-SU-2013:1143", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-1690", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-1890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1890-1"}, {"name": "RHSA-2013:0982", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"}, {"name": "SUSE-SU-2013:1153", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"}, {"name": "SUSE-SU-2013:1152", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883"}, {"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html"}, {"name": "RHSA-2013:0981", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"}, {"name": "USN-1891-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1891-1"}, {"name": "openSUSE-SU-2013:1141", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"}, {"name": "DSA-2716", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2716"}, {"name": "oval:org.mitre.oval:def:16996", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996"}, {"name": "openSUSE-SU-2013:1142", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"}, {"name": "openSUSE-SU-2013:1140", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"}, {"name": "DSA-2720", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2720"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365"}, {"name": "60778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60778"}, {"name": "openSUSE-SU-2013:1143", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:32.269Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1890-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1890-1"}, {"name": "RHSA-2013:0982", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"}, {"name": "SUSE-SU-2013:1153", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"}, {"name": "SUSE-SU-2013:1152", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html"}, {"name": "RHSA-2013:0981", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"}, {"name": "USN-1891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1891-1"}, {"name": "openSUSE-SU-2013:1141", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"}, {"name": "DSA-2716", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2716"}, {"name": "oval:org.mitre.oval:def:16996", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996"}, {"name": "openSUSE-SU-2013:1142", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"}, {"name": "openSUSE-SU-2013:1140", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"}, {"name": "DSA-2720", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2720"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365"}, {"name": "60778", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/60778"}, {"name": "openSUSE-SU-2013:1143", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-1690", "datePublished": "2013-06-26T01:00:00", "dateReserved": "2013-02-13T00:00:00", "dateUpdated": "2024-08-06T15:13:32.269Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-04-18", "cisaExploitAdd": "2022-03-28", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0321165-FB26-4E37-B9EC-E09FF46034B4", "versionEndExcluding": "22.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "C598E3DF-1B51-4FFC-8B05-D9BEF244AACA", "versionEndExcluding": "17.0.7", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "945D0C7E-E76B-4E80-A78E-8FC59E0579E6", "versionEndExcluding": "17.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D30B82F9-F16D-48C8-BFC4-1F4FA628B9E2", "versionEndExcluding": "17.0.7", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*", "matchCriteriaId": "7F4AF9EC-7C74-40C3-A1BA-82B80C4A7EE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:vmware:*:*", "matchCriteriaId": "DB9BBC2E-7D91-4879-898A-520D2D758D1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."}, {"lang": "es", "value": "Mozilla Firefox anterior a 22.0, Firefox ESR 17.x anterior a 17.0.7, Thunderbird anterior a 17.0.7, y Thunderbird ESR 17.x anterior a 17.0.7 no manejan adecuadamente los eventos \"onreadystatechange\" en conjunci\u00f3n con las recargas de p\u00e1gina, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n arbitraria de c\u00f3digo a trav\u00e9s de un sitio web manipulado que provoca un intento de ejecuci\u00f3n de datos y una asignaci\u00f3n de memoria sin mapear."}], "id": "CVE-2013-1690", "lastModified": "2024-07-09T18:25:57.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2013-06-26T03:19:10.793", "references": [{"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2716"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2720"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html"}, {"source": "security@mozilla.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/60778"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1890-1"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1891-1"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365"}, {"source": "security@mozilla.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.", "affected_release": [{"advisory": "RHSA-2013:0982", "cpe": "cpe:/a:redhat:rhel_productivity:5", "package": "thunderbird-0:17.0.7-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0981", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:17.0.7-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0981", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xulrunner-0:17.0.7-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:17.0.7-1.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xulrunner-0:17.0.7-1.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0982", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:17.0.7-1.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-06-25T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Execution of unmapped memory through onreadystatechange event (MFSA 2013-53)", "id": "977602", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977602"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."], "name": "CVE-2013-1690", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1690\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1690\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-53.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}