High severity8.8CISA KEVNVD Advisory· Published Jun 26, 2013· Updated Apr 22, 2026

CVE-2013-1690

Description

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <22.0
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <17.0.7
Mozilla Corporation/Thunderbird Esr
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
Range: >=17.0,<17.0.7
Red Hat/Gluster Storage Server For On Premise
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
OpenSUSE/openSUSE3 versions
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus2 versions
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus2 versions
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop3 versions
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server7 versions
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*+ 6 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
SUSE S.A./Linux Enterprise Software Development Kit2 versions
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-0981.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-0982.htmlnvdThird Party Advisory
www.debian.org/security/2013/dsa-2716nvdMailing ListThird Party Advisory
www.debian.org/security/2013/dsa-2720nvdMailing ListThird Party Advisory
www.mozilla.org/security/announce/2013/mfsa2013-53.htmlnvdVendor Advisory
www.securityfocus.com/bid/60778nvdBroken LinkThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1890-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-1891-1nvdThird Party Advisory
bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.038
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000