CVE-2013-1675

MEDIUM KEV

Mozilla Firefox <21 - Info Disclosure

Title source: llm

Description

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

References (16)

Scores

CVSS v3 6.5
EPSS 0.0795
EPSS Percentile 92.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CISA KEV 2022-03-03
VulnCheck KEV 2022-03-03
InTheWild.io 2022-03-03
ENISA EUVD EUVD-2013-1702
CWE
CWE-665
Status published
Products (31)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
debian/debian_linux 7.0
mozilla/firefox < 21.0
mozilla/thunderbird < 17.0.6
mozilla/thunderbird_esr 17.0 - 17.0.6
opensuse/opensuse 12.2
opensuse/opensuse 12.3
redhat/enterprise_linux_desktop 5.0
... and 21 more
Published May 16, 2013
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026