Exploitation Summary
CVE-2013-1675 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022.
Description
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
References (16)
Core References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1675 (Third Party Advisory, US Government Resource)
http://www.debian.org/security/2013/dsa-2699 (Mailing List; vendor-advisory; x_refsource_debian)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165 (Broken Link; vendor-advisory; x_refsource_mandriva)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse)
https://bugzilla.mozilla.org/show_bug.cgi?id=866825 (Exploit, Issue Tracking; x_refsource_confirm)
http://www.ubuntu.com/usn/USN-1823-1 (Third Party Advisory; vendor-advisory; x_refsource_ubuntu)
http://rhn.redhat.com/errata/RHSA-2013-0821.html (Third Party Advisory; vendor-advisory; x_refsource_redhat)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse)
http://www.mozilla.org/security/announce/2013/mfsa2013-47.html (Vendor Advisory; x_refsource_confirm)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976 (Broken Link; vdb-entry; signature; x_refsource_oval)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse)
http://rhn.redhat.com/errata/RHSA-2013-0820.html (Third Party Advisory; vendor-advisory; x_refsource_redhat)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse)
http://www.securityfocus.com/bid/59858 (Broken Link, Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://www.ubuntu.com/usn/USN-1822-1 (Third Party Advisory; vendor-advisory; x_refsource_ubuntu)
Scores
CVSS v3: 6.5
EPSS: 0.0795
EPSS Percentile: 92.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: active
Automatable: no
Technical Impact: partial
Details
CISA KEV: 2022-03-03
VulnCheck KEV: 2022-03-03
InTheWild.io: 2022-03-03
ENISA EUVD: EUVD-2013-1702
CWE: CWE-665
Status: published
Products (31)
canonical/ubuntu_linux: 12.04
canonical/ubuntu_linux: 12.10
canonical/ubuntu_linux: 13.04
debian/debian_linux: 7.0
mozilla/firefox: < 21.0
mozilla/thunderbird: < 17.0.6
mozilla/thunderbird_esr: 17.0 - 17.0.6
opensuse/opensuse: 12.2
opensuse/opensuse: 12.3
redhat/enterprise_linux_desktop: 5.0
... and 21 more
Published: May 16, 2013
KEV Added: Mar 03, 2022
Tracked Since: Feb 18, 2026