9 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.908 High
EPSS
Percentile
98.8%
Multiple memory safety issues were discovered in Firefox. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2013-0801, CVE-2013-1669)
Cody Crews discovered that some constructors could be used to bypass
restrictions enforced by their Chrome Object Wrapper (COW). An attacker
could exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2013-1670)
It was discovered that the file input element could expose the full local
path under certain conditions. An attacker could potentially exploit this
to steal sensitive information. (CVE-2013-1671)
A use-after-free was discovered when resizing video content whilst it is
playing. An attacker could potentially exploit this to execute code with
the privileges of the user invoking Firefox. (CVE-2013-1674)
It was discovered that some DOMSVGZoomEvent functions could be used
without being properly initialized, which could lead to information
leakage. (CVE-2013-1675)
Abhishek Arya discovered multiple memory safety issues in Firefox. If
the user were tricked into opening a specially crafted page, an attacker
could possibly exploit these to cause a denial of service via application
crash, or potentially execute code with the privileges of the user
invoking Firefox. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678,
CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.04 | noarch | firefox | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | firefox-dbg | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | firefox-dev | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | firefox-globalmenu | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | firefox-gnome-support | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | firefox-locale-af | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | firefox-locale-ar | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | firefox-locale-as | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | firefox-locale-ast | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | firefox-locale-be | < 21.0+build2-0ubuntu0.13.04.2 | UNKNOWN |
launchpad.net/bugs/1178277
ubuntu.com/security/CVE-2013-0801
ubuntu.com/security/CVE-2013-1669
ubuntu.com/security/CVE-2013-1670
ubuntu.com/security/CVE-2013-1671
ubuntu.com/security/CVE-2013-1674
ubuntu.com/security/CVE-2013-1675
ubuntu.com/security/CVE-2013-1676
ubuntu.com/security/CVE-2013-1677
ubuntu.com/security/CVE-2013-1678
ubuntu.com/security/CVE-2013-1679
ubuntu.com/security/CVE-2013-1680
ubuntu.com/security/CVE-2013-1681