CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.5%
Multiple memory safety issues were discovered in Thunderbird. If the user
were tricked into opening a specially crafted message with scripting
enabled, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2013-1682)
Abhishek Arya discovered multiple use-after-free bugs. If the user were
tricked into opening a specially crafted message with scripting enabled,
an attacker could possibly exploit these to execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2013-1684,
CVE-2013-1685, CVE-2013-1686)
Mariusz Mlynski discovered that user defined code within the XBL scope of
an element could be made to bypass System Only Wrappers (SOW). If a user
had scripting enabled, an attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2013-1687)
A crash was discovered when reloading a page that contained content using
the onreadystatechange event. If a user had scripting enabled, an attacker
could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2013-1690)
Johnathan Kuskos discovered that Thunderbird sent data in the body of
XMLHttpRequest HEAD requests. If a user had scripting enabled, an attacker
could exploit this to conduct Cross-Site Request Forgery (CSRF) attacks.
(CVE-2013-1692)
Paul Stone discovered a timing flaw in the processing of SVG images with
filters. If a user had scripting enabled, an attacker could exploit this
to view sensitive information. (CVE-2013-1693)
Boris Zbarsky discovered a flaw in PreserveWrapper. If a user had
scripting enabled, an attacker could potentially exploit this to cause
a denial of service via application crash, or execute code with the
privileges of the user invoking Thunderbird. (CVE-2013-1694)
It was discovered that XrayWrappers could be bypassed to call
content-defined methods in certain circumstances. If a user had scripting
enabled, an attacker could exploit this to cause undefined behaviour.
(CVE-2013-1697)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.04 | noarch | thunderbird | < 17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-dbg | < 17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-dev | < 17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-globalmenu | < 17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-gnome-support | < 17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-gnome-support-dbg | < 17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-af | < 1:17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-ar | < 1:17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-ast | < 1:17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-be | < 1:17.0.7+build1-0ubuntu0.13.04.1 | UNKNOWN |
launchpad.net/bugs/1193919
ubuntu.com/security/CVE-2013-1682
ubuntu.com/security/CVE-2013-1684
ubuntu.com/security/CVE-2013-1685
ubuntu.com/security/CVE-2013-1686
ubuntu.com/security/CVE-2013-1687
ubuntu.com/security/CVE-2013-1690
ubuntu.com/security/CVE-2013-1692
ubuntu.com/security/CVE-2013-1693
ubuntu.com/security/CVE-2013-1694
ubuntu.com/security/CVE-2013-1697
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.5%