Executive Summary

Informations
Name CVE-2013-1701 First vendor Publication 2013-08-06
Vendor Cve Last vendor Modification 2017-09-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1701

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18514
 
Oval ID: oval:org.mitre.oval:def:18514
Title: Miscellaneous memory safety hazards
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1701
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21008
 
Oval ID: oval:org.mitre.oval:def:21008
Title: RHSA-2013:1142: thunderbird security update (Important)
Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-1701) A flaw was found in the way Thunderbird generated Certificate Request Message Format (CRMF) requests. An attacker could use this flaw to perform cross-site scripting (XSS) attacks or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-1710) A flaw was found in the way Thunderbird handled the interaction between frames and browser history. An attacker could use this flaw to trick Thunderbird into treating malicious content as if it came from the browser history, allowing for XSS attacks. (CVE-2013-1709) It was found that the same-origin policy could be bypassed due to the way Uniform Resource Identifiers (URI) were checked in JavaScript. An attacker could use this flaw to perform XSS attacks, or install malicious add-ons from third-party pages. (CVE-2013-1713) It was found that web workers could bypass the same-origin policy. An attacker could use this flaw to perform XSS attacks. (CVE-2013-1714) It was found that, in certain circumstances, Thunderbird incorrectly handled Java applets. If a user launched an untrusted Java applet via Thunderbird, the applet could use this flaw to obtain read-only access to files on the user's local system. (CVE-2013-1717) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jeff Gilbert, Henrik Skupin, moz_bug_r_a4, Cody Crews, Federico Lanusse, and Georgi Guninski as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.8 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
Family: unix Class: patch
Reference(s): RHSA-2013:1142-01
CESA-2013:1142
CVE-2013-1701
Version: 5
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
Product(s): thunderbird
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 336
Application 8
Application 197
Application 227
Application 8

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-652.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-23.nasl - Type : ACT_GATHER_INFO
2013-08-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2746.nasl - Type : ACT_GATHER_INFO
2013-08-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-130810.nasl - Type : ACT_GATHER_INFO
2013-08-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-130809.nasl - Type : ACT_GATHER_INFO
2013-08-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2735.nasl - Type : ACT_GATHER_INFO
2013-08-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_0998e79d005511e3905b0025905a4771.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_1708_esr.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1925-1.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130807_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130807_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Windows host contains a web browser that is potentially affected b...
File : seamonkey_220.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1142.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1140.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-1142.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1140.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1140.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_1708.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Windows host contains a web browser that is potentially affected b...
File : mozilla_firefox_23.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Windows host contains a web browser that is potentially affected b...
File : mozilla_firefox_1708_esr.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_17_0_8_esr.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_17_0_8.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Mac OS X host contains a web browser that is potentially affected ...
File : macosx_firefox_23.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Mac OS X host contains a web browser that is potentially affected ...
File : macosx_firefox_17_0_8_esr.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-1142.nasl - Type : ACT_GATHER_INFO
2013-08-07 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1924-1.nasl - Type : ACT_GATHER_INFO
2013-08-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1924-2.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/61874
CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-63.html
https://bugzilla.mozilla.org/show_bug.cgi?id=880734
https://bugzilla.mozilla.org/show_bug.cgi?id=888107
DEBIAN http://www.debian.org/security/2013/dsa-2735
http://www.debian.org/security/2013/dsa-2746
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Date Informations
2024-02-10 01:20:45
  • Multiple Updates
2024-02-02 01:22:30
  • Multiple Updates
2024-02-01 12:06:38
  • Multiple Updates
2023-09-05 12:21:16
  • Multiple Updates
2023-09-05 01:06:32
  • Multiple Updates
2023-09-02 12:21:17
  • Multiple Updates
2023-09-02 01:06:38
  • Multiple Updates
2023-08-22 12:18:59
  • Multiple Updates
2023-07-14 01:06:34
  • Multiple Updates
2023-03-28 12:06:41
  • Multiple Updates
2022-10-11 01:06:20
  • Multiple Updates
2021-05-04 12:24:29
  • Multiple Updates
2021-04-22 01:29:18
  • Multiple Updates
2020-10-14 01:09:14
  • Multiple Updates
2020-10-03 01:09:18
  • Multiple Updates
2020-05-29 01:08:32
  • Multiple Updates
2020-05-24 01:10:52
  • Multiple Updates
2020-05-23 00:36:37
  • Multiple Updates
2019-06-25 12:05:15
  • Multiple Updates
2019-01-31 12:01:39
  • Multiple Updates
2019-01-30 12:05:19
  • Multiple Updates
2018-06-29 12:01:42
  • Multiple Updates
2018-01-18 12:05:20
  • Multiple Updates
2017-11-22 12:05:18
  • Multiple Updates
2017-11-21 12:04:28
  • Multiple Updates
2017-09-19 09:25:55
  • Multiple Updates
2017-01-07 09:25:11
  • Multiple Updates
2016-06-28 19:23:25
  • Multiple Updates
2016-04-26 22:59:48
  • Multiple Updates
2014-06-14 13:35:00
  • Multiple Updates
2014-02-17 11:18:11
  • Multiple Updates
2013-11-04 21:26:32
  • Multiple Updates
2013-09-12 13:20:08
  • Multiple Updates
2013-08-09 17:21:54
  • Multiple Updates
2013-08-07 21:20:13
  • First insertion