CVE-2013-1690
HIGH KEVMozilla Firefox < 22.0 - Memory Corruption
Title source: ruleDescription
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
Exploits (3)
nomisec
WORKING POC
14 stars
by vlad902 · client-side
https://github.com/vlad902/annotated-fbi-tbb-exploit
metasploit
WORKING POC
NORMAL
by Nils, Unknown, w3bd3vil, sinn3r, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/27429
References (18)
Scores
CVSS v3
8.8
EPSS
0.4706
EPSS Percentile
97.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitation Intel
CISA KEV
2022-03-28
VulnCheck KEV
2013-09-13
InTheWild.io
2022-03-28
ENISA EUVD
EUVD-2013-1717
Classification
CWE
CWE-119
Status
draft
Affected Products (33)
mozilla/firefox
< 22.0
mozilla/thunderbird
< 17.0.7
mozilla/thunderbird_esr
< 17.0.7
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/debian_linux
redhat/gluster_storage_server_for_on-premise
redhat/enterprise_linux_desktop
redhat/enterprise_linux_desktop
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_server
redhat/enterprise_linux_server
redhat/enterprise_linux_server_aus
... and 18 more
Timeline
Published
Jun 26, 2013
KEV Added
Mar 28, 2022
Tracked Since
Feb 18, 2026