High severity8.8CISA KEVNVD Advisory· Published Jun 26, 2013· Updated Jun 16, 2026

CVE-2013-1690

Description

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Mozilla Corporation/Firefox2 versions
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <22.0
- (no CPE)range: <22.0
Mozilla Corporation/Thunderbird3 versions
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <17.0.7
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*range: >=17.0,<17.0.7
- (no CPE)range: <17.0.7
Red Hat/Gluster Storage Server For On Premise
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
Canonical/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Debian/linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
OpenSUSE/openSUSE3 versions
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus2 versions
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus2 versions
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop3 versions
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server7 versions
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*+ 6 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
SUSE S.A./Linux Enterprise Software Development Kit2 versions
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
osv-coords3 versions
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1

Patches

Vulnerability mechanics

References

lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-0981.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-0982.htmlnvdThird Party Advisory
www.debian.org/security/2013/dsa-2716nvdMailing ListThird Party Advisory
www.debian.org/security/2013/dsa-2720nvdMailing ListThird Party Advisory
www.mozilla.org/security/announce/2013/mfsa2013-53.htmlnvdVendor Advisory
www.securityfocus.com/bid/60778nvdBroken LinkThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1890-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-1891-1nvdThird Party Advisory
bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.055
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000