Vulnerability Details : CVE-2013-1694
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag.
Vulnerability category: Input validation, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-1694
Probability of exploitation activity in the next 30 days: 12.99%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 %
CVSS scores for CVE-2013-1694
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2013-1694
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1694
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
  [security-announce] openSUSE-SU-2013:1140-1: important: regular updates
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
  [security-announce] openSUSE-SU-2013:1142-1: important: MozillaFirefox:
- http://www.debian.org/security/2013/dsa-2716
  Debian -- Security Information -- DSA-2716-1 iceweasel
- http://www.mozilla.org/security/announce/2013/mfsa2013-56.html
  PreserveWrapper has inconsistent behavior — Mozilla (Vendor Advisory)
- http://www.debian.org/security/2013/dsa-2720
  Debian -- Security Information -- DSA-2720-1 icedove
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
  [security-announce] openSUSE-SU-2013:1143-1: important: xulrunner: 17.0.
- http://www.ubuntu.com/usn/USN-1890-1
  USN-1890-1: Firefox vulnerabilities | Ubuntu security notices
- http://www.securityfocus.com/bid/60776
  Mozilla Firefox/Thunderbird CVE-2013-1694 Remote Code Execution Vulnerability
- http://rhn.redhat.com/errata/RHSA-2013-0982.html
  RHSA-2013:0982 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2013-0981.html
  RHSA-2013:0981 - Security Advisory - Red Hat Customer Portal
- http://www.ubuntu.com/usn/USN-1891-1
  USN-1891-1: Thunderbird vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
  [security-announce] openSUSE-SU-2013:1141-1: important: MozillaThunderbi
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17405
  Repository / Oval Repository
- https://bugzilla.mozilla.org/show_bug.cgi?id=848535
  848535 - (CVE-2013-1694) Use of PreserveWrapper in cases when we don't have a wrapper seems broken
Products affected by CVE-2013-1694
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*