9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.039 Low
EPSS
Percentile
90.9%
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html
rhn.redhat.com/errata/RHSA-2013-0981.html
rhn.redhat.com/errata/RHSA-2013-0982.html
www.debian.org/security/2013/dsa-2716
www.debian.org/security/2013/dsa-2720
www.mozilla.org/security/announce/2013/mfsa2013-53.html
www.securityfocus.com/bid/60778
www.ubuntu.com/usn/USN-1890-1
www.ubuntu.com/usn/USN-1891-1
bugzilla.mozilla.org/show_bug.cgi?id=857883
bugzilla.mozilla.org/show_bug.cgi?id=901365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996