CVE-2013-1694

2013-06-2603:19:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-1694

mozilla firefox

thunderbird

preservewrapper

vulnerability

nvd

denial of service

remote execution

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.13 Low

EPSS

Percentile

95.5%

JSON

The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache’s preserved-wrapper flag.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq19.0
mozilla:firefoxmozilla firefoxeq19.0.2
mozilla:firefoxmozilla firefoxeq20.0.1
mozilla:firefoxmozilla firefoxeq19.0.1
mozilla:firefoxmozilla firefoxeq20.0
mozilla:firefoxmozilla firefoxle21.0
mozilla:firefox_esrmozilla firefox esreq17.0.5
mozilla:firefox_esrmozilla firefox esreq17.0
mozilla:firefox_esrmozilla firefox esreq17.0.1
mozilla:firefox_esrmozilla firefox esreq17.0.6

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	19.0
mozilla:firefox	mozilla firefox	eq	19.0.2
mozilla:firefox	mozilla firefox	eq	20.0.1
mozilla:firefox	mozilla firefox	eq	19.0.1
mozilla:firefox	mozilla firefox	eq	20.0
mozilla:firefox	mozilla firefox	le	21.0
mozilla:firefox_esr	mozilla firefox esr	eq	17.0.5
mozilla:firefox_esr	mozilla firefox esr	eq	17.0
mozilla:firefox_esr	mozilla firefox esr	eq	17.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	17.0.6