CVE-2013-1690

Publication date 25 June 2013

Last updated 21 August 2024

Ubuntu priority

Cvss 3 Severity Score

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	13.04 raring	Fixed 22.0+build1-0ubuntu0.13.04.1
	12.10 quantal	Fixed 22.0+build1-0ubuntu0.12.10.1
	12.04 LTS precise	Fixed 22.0+build1-0ubuntu0.12.04.1
	10.04 LTS lucid	Ignored end of life
seamonkey	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life
thunderbird	13.04 raring	Fixed 17.0.7+build1-0ubuntu0.13.04.1
	12.10 quantal	Fixed 17.0.7+build1-0ubuntu0.12.10.1
	12.04 LTS precise	Fixed 17.0.7+build1-0ubuntu0.12.04.1
	10.04 LTS lucid	Ignored end of life
xulrunner-1.9.2	13.04 raring	Not in release
	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Ignored end of life

Severity score breakdown

Parameter	Value
Base score	8.8 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2013-1690

Cvss 3 Severity Score

Status

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references