Lucene search
HistoryOct 30, 2013 - 10:55 a.m.
CVE-2013-5595
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.9 Medium
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.8%
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page.
Affected configurations
Node
mozillathunderbird_esrMatch17.0
ORmozillathunderbird_esrMatch17.0.1
ORmozillathunderbird_esrMatch17.0.2
ORmozillathunderbird_esrMatch17.0.3
ORmozillathunderbird_esrMatch17.0.4
ORmozillathunderbird_esrMatch17.0.5
ORmozillathunderbird_esrMatch17.0.6
ORmozillathunderbird_esrMatch17.0.7
ORmozillathunderbird_esrMatch17.0.8
ORmozillathunderbird_esrMatch17.0.9
Node
mozillafirefoxRange≤24.0
ORmozillafirefoxMatch19.0
ORmozillafirefoxMatch19.0.1
ORmozillafirefoxMatch19.0.2
ORmozillafirefoxMatch20.0
ORmozillafirefoxMatch20.0.1
ORmozillafirefoxMatch21.0
ORmozillafirefoxMatch22.0
ORmozillafirefoxMatch23.0
ORmozillafirefoxMatch23.0.1
Node
mozillaseamonkeyRange≤2.22beta2
ORmozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillaseamonkeyMatch2.0.2
ORmozillaseamonkeyMatch2.0.3
ORmozillaseamonkeyMatch2.0.4
ORmozillaseamonkeyMatch2.0.5
ORmozillaseamonkeyMatch2.0.6
ORmozillaseamonkeyMatch2.0.7
ORmozillaseamonkeyMatch2.0.8
ORmozillaseamonkeyMatch2.0.9
ORmozillaseamonkeyMatch2.0.10
ORmozillaseamonkeyMatch2.0.11
ORmozillaseamonkeyMatch2.0.12
ORmozillaseamonkeyMatch2.0.13
ORmozillaseamonkeyMatch2.0.14
ORmozillaseamonkeyMatch2.1
ORmozillaseamonkeyMatch2.1alpha1
ORmozillaseamonkeyMatch2.1alpha2
ORmozillaseamonkeyMatch2.1alpha3
ORmozillaseamonkeyMatch2.1beta1
ORmozillaseamonkeyMatch2.1beta2
ORmozillaseamonkeyMatch2.1beta3
ORmozillaseamonkeyMatch2.1rc1
ORmozillaseamonkeyMatch2.1rc2
ORmozillaseamonkeyMatch2.10
ORmozillaseamonkeyMatch2.10beta1
ORmozillaseamonkeyMatch2.10beta2
ORmozillaseamonkeyMatch2.10beta3
ORmozillaseamonkeyMatch2.10.1
ORmozillaseamonkeyMatch2.11
ORmozillaseamonkeyMatch2.11beta1
ORmozillaseamonkeyMatch2.11beta2
ORmozillaseamonkeyMatch2.11beta3
ORmozillaseamonkeyMatch2.11beta4
ORmozillaseamonkeyMatch2.11beta5
ORmozillaseamonkeyMatch2.11beta6
ORmozillaseamonkeyMatch2.12
ORmozillaseamonkeyMatch2.12beta1
ORmozillaseamonkeyMatch2.12beta2
ORmozillaseamonkeyMatch2.12beta3
ORmozillaseamonkeyMatch2.12beta4
ORmozillaseamonkeyMatch2.12beta5
ORmozillaseamonkeyMatch2.12beta6
ORmozillaseamonkeyMatch2.12.1
ORmozillaseamonkeyMatch2.13
ORmozillaseamonkeyMatch2.13beta1
ORmozillaseamonkeyMatch2.13beta2
ORmozillaseamonkeyMatch2.13beta3
ORmozillaseamonkeyMatch2.13beta4
ORmozillaseamonkeyMatch2.13beta5
ORmozillaseamonkeyMatch2.13beta6
ORmozillaseamonkeyMatch2.13.1
ORmozillaseamonkeyMatch2.13.2
ORmozillaseamonkeyMatch2.14
ORmozillaseamonkeyMatch2.14beta1
ORmozillaseamonkeyMatch2.14beta2
ORmozillaseamonkeyMatch2.14beta3
ORmozillaseamonkeyMatch2.14beta4
ORmozillaseamonkeyMatch2.14beta5
ORmozillaseamonkeyMatch2.15
ORmozillaseamonkeyMatch2.15beta1
ORmozillaseamonkeyMatch2.15beta2
ORmozillaseamonkeyMatch2.15beta3
ORmozillaseamonkeyMatch2.15beta4
ORmozillaseamonkeyMatch2.15beta5
ORmozillaseamonkeyMatch2.15beta6
ORmozillaseamonkeyMatch2.15.1
ORmozillaseamonkeyMatch2.15.2
ORmozillaseamonkeyMatch2.16
ORmozillaseamonkeyMatch2.16beta1
ORmozillaseamonkeyMatch2.16beta2
ORmozillaseamonkeyMatch2.16beta3
ORmozillaseamonkeyMatch2.16beta4
ORmozillaseamonkeyMatch2.16beta5
ORmozillaseamonkeyMatch2.16.1
ORmozillaseamonkeyMatch2.16.2
ORmozillaseamonkeyMatch2.17
ORmozillaseamonkeyMatch2.17beta1
ORmozillaseamonkeyMatch2.17beta2
ORmozillaseamonkeyMatch2.17beta3
ORmozillaseamonkeyMatch2.17beta4
ORmozillaseamonkeyMatch2.17.1
ORmozillaseamonkeyMatch2.18beta1
ORmozillaseamonkeyMatch2.18beta2
ORmozillaseamonkeyMatch2.18beta3
ORmozillaseamonkeyMatch2.18beta4
ORmozillaseamonkeyMatch2.19
ORmozillaseamonkeyMatch2.19beta1
ORmozillaseamonkeyMatch2.19beta2
ORmozillaseamonkeyMatch2.20
ORmozillaseamonkeyMatch2.20beta1
ORmozillaseamonkeyMatch2.20beta2
ORmozillaseamonkeyMatch2.20beta3
ORmozillaseamonkeyMatch2.21beta1
ORmozillaseamonkeyMatch2.21beta2
ORmozillaseamonkeyMatch2.22beta1
Node
mozillafirefox_esrMatch17.0
ORmozillafirefox_esrMatch17.0.1
ORmozillafirefox_esrMatch17.0.2
ORmozillafirefox_esrMatch17.0.3
ORmozillafirefox_esrMatch17.0.4
ORmozillafirefox_esrMatch17.0.5
ORmozillafirefox_esrMatch17.0.6
ORmozillafirefox_esrMatch17.0.7
ORmozillafirefox_esrMatch17.0.8
ORmozillafirefox_esrMatch17.0.9
ORmozillafirefox_esrMatch24.0
ORmozillafirefox_esrMatch24.0.1
ORmozillafirefox_esrMatch24.0.2
Node
mozillathunderbirdRange≤24.0.1
ORmozillathunderbirdMatch17.0
ORmozillathunderbirdMatch17.0.1
ORmozillathunderbirdMatch17.0.2
ORmozillathunderbirdMatch17.0.3
ORmozillathunderbirdMatch17.0.4
ORmozillathunderbirdMatch17.0.5
ORmozillathunderbirdMatch17.0.6
ORmozillathunderbirdMatch17.0.7
ORmozillathunderbirdMatch17.0.8
ORmozillathunderbirdMatch24.0
References
lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html
rhn.redhat.com/errata/RHSA-2013-1476.html
rhn.redhat.com/errata/RHSA-2013-1480.html
www.debian.org/security/2013/dsa-2788
www.debian.org/security/2013/dsa-2797
www.mozilla.org/security/announce/2013/mfsa2013-96.html
www.securityfocus.com/bid/63421
bugzilla.mozilla.org/show_bug.cgi?id=916580
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18694
security.gentoo.org/glsa/201504-01
Related
cve
cve
CVE-2013-5595
2013-10-30 10:55:04
prion
prion
Buffer overflow
2013-10-30 10:55:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-96) - Linux
2021-11-11 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities-02 (Nov 2013) - Windows
2013-11-07 00:00:00
CentOS Update for thunderbird CESA-2013:1480 centos6
2013-11-08 00:00:00
mozilla
mozilla
cvelist
cvelist
CVE-2013-5595
2013-10-30 10:00:00
ubuntucve
ubuntucve
CVE-2013-5595
2013-10-29 00:00:00
nessus
nessus
Debian DSA-2797-1 : icedove - several vulnerabilities
2013-11-21 00:00:00
Debian DSA-2788-1 : iceweasel - several vulnerabilities
2013-11-01 00:00:00
centos
centos
firefox, xulrunner security update
2013-10-30 04:12:01
thunderbird security update
2013-10-30 22:19:56
veracode
veracode
Memory Corruption
2019-05-02 04:56:51
Buffer Overflow
2019-05-02 04:56:49
Use After Free
2019-05-02 04:56:51
redhat
redhat
(RHSA-2013:1480) Important: thunderbird security update
2013-10-30 00:00:00
(RHSA-2013:1476) Critical: firefox security update
2013-10-29 00:00:00
mageia
mageia
Updated thunderbird package fixes security vulnerabilities
2013-11-18 18:39:59
Updated firefox & related packages fix multiple security vulnerabilities
2013-11-09 22:55:13
Updated iceape packages fix many vulnerabilities
2013-11-21 00:16:49
debian
debian
[SECURITY] [DSA 2797-1] icedove security update
2013-11-13 21:44:43
[SECURITY] [DSA 2788-1] iceweasel security update
2013-10-31 08:03:44
oraclelinux
oraclelinux
thunderbird security update
2013-10-30 00:00:00
firefox security update
2013-10-29 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-11-15 03:04:14
Mozilla updates 10/2013 (important)
2013-11-07 11:04:15
Mozilla Suite: Update to October 2013 release (important)
2013-11-07 10:04:11
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-10-31 00:00:00
Firefox vulnerabilities
2013-10-29 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-10-29 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-11-05 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.9 Medium
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.8%
Related for NVD:CVE-2013-5595