CVE-2013-1723

The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
mozillathunderbird
𝑥
≤ 17.0.9
mozillathunderbird
17.0
mozillathunderbird
17.0.1
mozillathunderbird
17.0.2
mozillathunderbird
17.0.3
mozillathunderbird
17.0.4
mozillathunderbird
17.0.5
mozillathunderbird
17.0.6
mozillathunderbird
17.0.7
mozillathunderbird
17.0.8
mozillafirefox
𝑥
≤ 23.0.1
mozillafirefox
19.0
mozillafirefox
19.0.1
mozillafirefox
19.0.2
mozillafirefox
20.0
mozillafirefox
20.0.1
mozillafirefox
21.0
mozillafirefox
22.0
mozillafirefox
23.0
mozillaseamonkey
𝑥
≤ 2.20
mozillaseamonkey
2.0
mozillaseamonkey
2.0:alpha_1
mozillaseamonkey
2.0:alpha_2
mozillaseamonkey
2.0:alpha_3
mozillaseamonkey
2.0:beta_1
mozillaseamonkey
2.0:beta_2
mozillaseamonkey
2.0:rc1
mozillaseamonkey
2.0:rc2
mozillaseamonkey
2.0.1
mozillaseamonkey
2.0.2
mozillaseamonkey
2.0.3
mozillaseamonkey
2.0.4
mozillaseamonkey
2.0.5
mozillaseamonkey
2.0.6
mozillaseamonkey
2.0.7
mozillaseamonkey
2.0.8
mozillaseamonkey
2.0.9
mozillaseamonkey
2.0.10
mozillaseamonkey
2.0.11
mozillaseamonkey
2.0.12
mozillaseamonkey
2.0.13
mozillaseamonkey
2.0.14
mozillaseamonkey
2.1
mozillaseamonkey
2.1:alpha1
mozillaseamonkey
2.1:alpha2
mozillaseamonkey
2.1:alpha3
mozillaseamonkey
2.1:beta1
mozillaseamonkey
2.1:beta2
mozillaseamonkey
2.1:beta3
mozillaseamonkey
2.1:rc1
mozillaseamonkey
2.1:rc2
mozillaseamonkey
2.10
mozillaseamonkey
2.10:beta1
mozillaseamonkey
2.10:beta2
mozillaseamonkey
2.10:beta3
mozillaseamonkey
2.10.1
mozillaseamonkey
2.11
mozillaseamonkey
2.11:beta1
mozillaseamonkey
2.11:beta2
mozillaseamonkey
2.11:beta3
mozillaseamonkey
2.11:beta4
mozillaseamonkey
2.11:beta5
mozillaseamonkey
2.11:beta6
mozillaseamonkey
2.12
mozillaseamonkey
2.12:beta1
mozillaseamonkey
2.12:beta2
mozillaseamonkey
2.12:beta3
mozillaseamonkey
2.12:beta4
mozillaseamonkey
2.12:beta5
mozillaseamonkey
2.12:beta6
mozillaseamonkey
2.12.1
mozillaseamonkey
2.13
mozillaseamonkey
2.13:beta1
mozillaseamonkey
2.13:beta2
mozillaseamonkey
2.13:beta3
mozillaseamonkey
2.13:beta4
mozillaseamonkey
2.13:beta5
mozillaseamonkey
2.13:beta6
mozillaseamonkey
2.13.1
mozillaseamonkey
2.13.2
mozillaseamonkey
2.14
mozillaseamonkey
2.14:beta1
mozillaseamonkey
2.14:beta2
mozillaseamonkey
2.14:beta3
mozillaseamonkey
2.14:beta4
mozillaseamonkey
2.14:beta5
mozillaseamonkey
2.15
mozillaseamonkey
2.15:beta1
mozillaseamonkey
2.15:beta2
mozillaseamonkey
2.15:beta3
mozillaseamonkey
2.15:beta4
mozillaseamonkey
2.15:beta5
mozillaseamonkey
2.15:beta6
mozillaseamonkey
2.15.1
mozillaseamonkey
2.15.2
mozillaseamonkey
2.16
mozillaseamonkey
2.16:beta1
mozillaseamonkey
2.16:beta2
mozillaseamonkey
2.16:beta3
mozillaseamonkey
2.16:beta4
mozillaseamonkey
2.16:beta5
mozillaseamonkey
2.16.1
mozillaseamonkey
2.16.2
mozillaseamonkey
2.17
mozillaseamonkey
2.17:beta1
mozillaseamonkey
2.17:beta2
mozillaseamonkey
2.17:beta3
mozillaseamonkey
2.17:beta4
mozillaseamonkey
2.17.1
mozillaseamonkey
2.18:beta1
mozillaseamonkey
2.18:beta2
mozillaseamonkey
2.18:beta3
mozillaseamonkey
2.18:beta4
mozillaseamonkey
2.19
mozillaseamonkey
2.19:beta1
mozillaseamonkey
2.19:beta2
mozillaseamonkey
2.20:beta1
mozillaseamonkey
2.20:beta2
mozillaseamonkey
2.20:beta3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
http://www.mozilla.org/security/announce/2013/mfsa2013-80.html
http://www.securityfocus.com/bid/62472
https://bugzilla.mozilla.org/show_bug.cgi?id=891292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19028
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
http://www.mozilla.org/security/announce/2013/mfsa2013-80.html
http://www.securityfocus.com/bid/62472
https://bugzilla.mozilla.org/show_bug.cgi?id=891292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19028