CVE-2013-0787 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Affected Products (NVD)

Vendor	Product	Version
mozilla	firefox	𝑥 ≤ 19.0.1
mozilla	firefox	19.0
mozilla	firefox	17.0
mozilla	firefox	17.0.1
mozilla	firefox	17.0.2
mozilla	firefox	17.0.3
mozilla	thunderbird	𝑥 ≤ 17.0.3
mozilla	thunderbird	17.0
mozilla	thunderbird	17.0.1
mozilla	thunderbird	17.0.2
mozilla	thunderbird_esr	17.0
mozilla	thunderbird_esr	17.0.1
mozilla	thunderbird_esr	17.0.2
mozilla	thunderbird_esr	17.0.3
mozilla	seamonkey	𝑥 ≤ 2.16
mozilla	seamonkey	2.16:beta1
mozilla	seamonkey	2.16:beta2
mozilla	seamonkey	2.16:beta3
mozilla	seamonkey	2.16:beta4
mozilla	seamonkey	2.16:beta5

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

hardy	ignored
lucid	Fixed 19.0.2+build1-0ubuntu0.10.04.1 released
oneiric	Fixed 19.0.2+build1-0ubuntu0.11.10.1 released
precise	Fixed 19.0.2+build1-0ubuntu0.12.04.1 released
quantal	Fixed 19.0.2+build1-0ubuntu0.12.10.1 released
raring	Fixed 19.0.2+build1-0ubuntu1 released
saucy	Fixed 19.0.2+build1-0ubuntu1 released

seamonkey

hardy	ignored
lucid	ignored
oneiric	ignored
precise	dne
quantal	dne
raring	dne
saucy	dne

thunderbird

hardy	ignored
lucid	Fixed 17.0.4+build1-0ubuntu0.10.04.1 released
oneiric	Fixed 17.0.4+build1-0ubuntu0.11.10.1 released
precise	Fixed 17.0.4+build1-0ubuntu0.12.04.1 released
quantal	Fixed 17.0.4+build1-0ubuntu0.12.10.1 released
raring	Fixed 17.0.4+build1-0ubuntu1 released
saucy	Fixed 17.0.4+build1-0ubuntu1 released

xulrunner-1.9.2

hardy	ignored
lucid	ignored
oneiric	dne
precise	dne
quantal	dne
raring	dne
saucy	dne

xulrunner-2.0

hardy	dne
lucid	dne
oneiric	dne
precise	dne
quantal	dne
raring	dne
saucy	dne

Common Weakness Enumeration

CWE-399 -

References

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html

http://rhn.redhat.com/errata/RHSA-2013-0614.html

http://rhn.redhat.com/errata/RHSA-2013-0627.html

http://twitter.com/VUPEN/statuses/309505403631325184

http://twitter.com/thezdi/statuses/309484730506698752

http://www.debian.org/security/2013/dsa-2699

http://www.mozilla.org/security/announce/2013/mfsa2013-29.html

http://www.securityfocus.com/bid/58391

http://www.ubuntu.com/usn/USN-1758-1

https://bugzilla.mozilla.org/show_bug.cgi?id=848644

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html

http://rhn.redhat.com/errata/RHSA-2013-0614.html

http://rhn.redhat.com/errata/RHSA-2013-0627.html

http://twitter.com/VUPEN/statuses/309505403631325184

http://twitter.com/thezdi/statuses/309484730506698752

http://www.debian.org/security/2013/dsa-2699

http://www.mozilla.org/security/announce/2013/mfsa2013-29.html

http://www.securityfocus.com/bid/58391

http://www.ubuntu.com/usn/USN-1758-1

https://bugzilla.mozilla.org/show_bug.cgi?id=848644

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737