Skip to main content
CVE-2013-1690 HIGH POC KEV THREAT Act Now

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Denial Of Service Buffer Overflow Mozilla RCE
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
47.1%
Threat
6.2
CVE-2013-1686 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +2
NVD
CVSS 2.0
10.0
EPSS
2.5%
CVE-2013-1683 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox
NVD
CVSS 2.0
10.0
EPSS
1.8%
CVE-2013-1682 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +2
NVD
CVSS 2.0
10.0
EPSS
1.8%
CVE-2013-1697 CRITICAL Act Now

The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Google Firefox Thunderbird +2
NVD
CVSS 2.0
9.3
EPSS
2.6%
CVE-2013-1687 CRITICAL Act Now

The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Google XSS Firefox +3
NVD
CVSS 2.0
9.3
EPSS
2.6%
CVE-2013-1688 CRITICAL Act Now

The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Mozilla RCE Firefox
NVD
CVSS 2.0
9.3
EPSS
1.2%
CVE-2013-1685 CRITICAL Act Now

Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +2
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2013-1684 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +2
NVD
CVSS 2.0
9.3
EPSS
0.8%
CVE-2013-1694 HIGH This Week

The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Firefox Thunderbird +1
NVD
CVSS 2.0
7.5
EPSS
2.9%
CVE-2013-3382 HIGH This Week

The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-1700 HIGH This Week

The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Microsoft Firefox
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-3397 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Unified Communications Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3393 MEDIUM This Month

The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Cisco Jabber Virtualization Experience Media Engine
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1699 MEDIUM This Month

The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-3398 MEDIUM This Month

The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Prime Central For Hosted Collaboration Solution
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-1695 MEDIUM This Month

Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-1692 MEDIUM This Month

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Privilege Escalation Mozilla Firefox Thunderbird +1
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2013-1693 MEDIUM This Month

The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Firefox Thunderbird Thunderbird Esr
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-1698 MEDIUM This Month

The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Firefox
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3396 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Content Security Management Appliance
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1696 MEDIUM This Month

Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Firefox
NVD
CVSS 2.0
4.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy