CVE-2013-1690

HIGH KEV

Firefox < 22.0 and Thunderbird < 17.0.7 - Remote Code Execution via onreadystatechange Event Handling

Title source: llm

Exploitation Summary

CVE-2013-1690 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 28, 2022. EIP tracks 3 public exploits from researchers including Metasploit, vlad902, Nils, Unknown, w3bd3vil, sinn3r, juan vazquez, including a Metasploit module exploits/windows/browser/mozilla_firefox_onreadystatechange.

AI-analyzed exploit summary This Metasploit module exploits a use-after-free vulnerability in Firefox 17.0.6 via a crafted webpage using onreadystatechange events and window.stop(). It achieves RCE through heap spraying and ROP chains on Windows XP SP3.

Description

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/27429

View Code ZIP pw:eip

This Metasploit module exploits a use-after-free vulnerability in Firefox 17.0.6 via a crafted webpage using onreadystatechange events and window.stop(). It achieves RCE through heap spraying and ROP chains on Windows XP SP3.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Firefox 17.0.6 and Firefox 21 on Windows XP SP3

No auth needed

Prerequisites: Target must be using Firefox 17.0.6 or Firefox 21 on Windows XP SP3 · Target must visit a malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 14 stars

by vlad902 · client-side

https://github.com/vlad902/annotated-fbi-tbb-exploit

View Code ZIP pw:eip

This is a working exploit PoC for CVE-2013-1690, targeting a memory corruption vulnerability in Firefox's JavaScript engine. The exploit manipulates array buffers and sparse arrays to achieve arbitrary memory read/write, leading to remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Mozilla Firefox < 17

No auth needed

Prerequisites: Victim must visit a malicious webpage · Firefox version < 17

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Nils, Unknown, w3bd3vil, sinn3r, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb

View Code ZIP pw:eip

This Metasploit module exploits a use-after-free vulnerability in Firefox 17.0.6 and 21 via a crafted HTML page using onreadystatechange events and window.stop(). It achieves remote code execution by spraying the heap with shellcode and manipulating the DocumentViewerImpl object.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Mozilla Firefox 17.0.6, 21 on Windows XP SP3

No auth needed

Prerequisites: Target must be using Firefox 17 or 21 on Windows XP SP3 · Target must visit a malicious webpage

MITRE ATT&CK