CVE-2013-1675 — MEDIUM (6.5)

Q: How severe is CVE-2013-1675?

CVE-2013-1675 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-1675?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird, Mozilla Thunderbird Esr, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	< 21.0
Mozilla	Thunderbird	< 17.0.6
Mozilla	Thunderbird Esr	>= 17.0, < 17.0.6
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	7.0
Redhat	Gluster Storage Server For On-Premise	2.1
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.9
Redhat	Enterprise Linux For Ibm Z Systems	5.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	5.9_s390x
Redhat	Enterprise Linux For Power Big Endian	5.0_ppc
Redhat	Enterprise Linux For Power Big Endian Eus	5.9_ppc
Redhat	Enterprise Linux For Scientific Computing	6.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	5.9
Redhat	Enterprise Linux Server Eus From Rhui	5.9
Redhat	Enterprise Linux Workstation	5.0
Opensuse	Opensuse	12.2

Related Weaknesses (CWE)

CWE-665

References

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0820.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0821.htmlThird Party Advisory
http://www.debian.org/security/2013/dsa-2699Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-47.htmlVendor Advisory
http://www.securityfocus.com/bid/59858Broken LinkThird Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1822-1Third Party Advisory
http://www.ubuntu.com/usn/USN-1823-1Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=866825ExploitIssue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link

FAQ

What is CVE-2013-1675?

CVE-2013-1675 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPr...

How severe is CVE-2013-1675?

CVE-2013-1675 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1675?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird, Mozilla Thunderbird Esr, Canonical Ubuntu Linux, Debian Debian Linux.