CVE-2013-1690

CVE Database · CVE-2013-1690

CVE-2013-1690

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

69.24%

Published

Jun 26, 2013

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-28 · Due: 2022-04-18

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

Exploit-DBMozilla Firefox - onreadystatechange Event DocumentViewerImpl Use-After-Free (Metasploit)TrickestTrickest PoC index GitHub PoCvlad902/annotated-fbi-tbb-exploit★14

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-119CWE-119

Affected Products (34)

mozilla · firefox (up to 22.0)vulnerable

mozilla · firefox (up to 17.0.7)vulnerable

mozilla · thunderbird (up to 17.0.7)vulnerable

mozilla · thunderbird_esr (up to 17.0.7)vulnerable

canonical · ubuntu_linuxvulnerable

debian · debian_linuxvulnerable

redhat · gluster_storage_server_for_on-premisevulnerable