CVE-2013-1728

EUVD-2013-1755
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
mozillaseamonkey
𝑥
≤ 2.20
mozillaseamonkey
2.0
mozillaseamonkey
2.0:alpha_1
mozillaseamonkey
2.0:alpha_2
mozillaseamonkey
2.0:alpha_3
mozillaseamonkey
2.0:beta_1
mozillaseamonkey
2.0:beta_2
mozillaseamonkey
2.0:rc1
mozillaseamonkey
2.0:rc2
mozillaseamonkey
2.0.1
mozillaseamonkey
2.0.2
mozillaseamonkey
2.0.3
mozillaseamonkey
2.0.4
mozillaseamonkey
2.0.5
mozillaseamonkey
2.0.6
mozillaseamonkey
2.0.7
mozillaseamonkey
2.0.8
mozillaseamonkey
2.0.9
mozillaseamonkey
2.0.10
mozillaseamonkey
2.0.11
mozillaseamonkey
2.0.12
mozillaseamonkey
2.0.13
mozillaseamonkey
2.0.14
mozillaseamonkey
2.1
mozillaseamonkey
2.1:alpha1
mozillaseamonkey
2.1:alpha2
mozillaseamonkey
2.1:alpha3
mozillaseamonkey
2.1:beta1
mozillaseamonkey
2.1:beta2
mozillaseamonkey
2.1:beta3
mozillaseamonkey
2.1:rc1
mozillaseamonkey
2.1:rc2
mozillaseamonkey
2.10
mozillaseamonkey
2.10:beta1
mozillaseamonkey
2.10:beta2
mozillaseamonkey
2.10:beta3
mozillaseamonkey
2.10.1
mozillaseamonkey
2.11
mozillaseamonkey
2.11:beta1
mozillaseamonkey
2.11:beta2
mozillaseamonkey
2.11:beta3
mozillaseamonkey
2.11:beta4
mozillaseamonkey
2.11:beta5
mozillaseamonkey
2.11:beta6
mozillaseamonkey
2.12
mozillaseamonkey
2.12:beta1
mozillaseamonkey
2.12:beta2
mozillaseamonkey
2.12:beta3
mozillaseamonkey
2.12:beta4
mozillaseamonkey
2.12:beta5
mozillaseamonkey
2.12:beta6
mozillaseamonkey
2.12.1
mozillaseamonkey
2.13
mozillaseamonkey
2.13:beta1
mozillaseamonkey
2.13:beta2
mozillaseamonkey
2.13:beta3
mozillaseamonkey
2.13:beta4
mozillaseamonkey
2.13:beta5
mozillaseamonkey
2.13:beta6
mozillaseamonkey
2.13.1
mozillaseamonkey
2.13.2
mozillaseamonkey
2.14
mozillaseamonkey
2.14:beta1
mozillaseamonkey
2.14:beta2
mozillaseamonkey
2.14:beta3
mozillaseamonkey
2.14:beta4
mozillaseamonkey
2.14:beta5
mozillaseamonkey
2.15
mozillaseamonkey
2.15:beta1
mozillaseamonkey
2.15:beta2
mozillaseamonkey
2.15:beta3
mozillaseamonkey
2.15:beta4
mozillaseamonkey
2.15:beta5
mozillaseamonkey
2.15:beta6
mozillaseamonkey
2.15.1
mozillaseamonkey
2.15.2
mozillaseamonkey
2.16
mozillaseamonkey
2.16:beta1
mozillaseamonkey
2.16:beta2
mozillaseamonkey
2.16:beta3
mozillaseamonkey
2.16:beta4
mozillaseamonkey
2.16:beta5
mozillaseamonkey
2.16.1
mozillaseamonkey
2.16.2
mozillaseamonkey
2.17
mozillaseamonkey
2.17:beta1
mozillaseamonkey
2.17:beta2
mozillaseamonkey
2.17:beta3
mozillaseamonkey
2.17:beta4
mozillaseamonkey
2.17.1
mozillaseamonkey
2.18:beta1
mozillaseamonkey
2.18:beta2
mozillaseamonkey
2.18:beta3
mozillaseamonkey
2.18:beta4
mozillaseamonkey
2.19
mozillaseamonkey
2.19:beta1
mozillaseamonkey
2.19:beta2
mozillaseamonkey
2.20:beta1
mozillaseamonkey
2.20:beta2
mozillaseamonkey
2.20:beta3
mozillathunderbird
𝑥
≤ 17.0.9
mozillathunderbird
17.0
mozillathunderbird
17.0.1
mozillathunderbird
17.0.2
mozillathunderbird
17.0.3
mozillathunderbird
17.0.4
mozillathunderbird
17.0.5
mozillathunderbird
17.0.6
mozillathunderbird
17.0.7
mozillathunderbird
17.0.8
mozillafirefox
𝑥
≤ 23.0.1
mozillafirefox
19.0
mozillafirefox
19.0.1
mozillafirefox
19.0.2
mozillafirefox
20.0
mozillafirefox
20.0.1
mozillafirefox
21.0
mozillafirefox
22.0
mozillafirefox
23.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
lucid
ignored
precise
Fixed 24.0+build1-0ubuntu0.12.04.1
released
quantal
Fixed 24.0+build1-0ubuntu0.12.10.1
released
raring
Fixed 24.0+build1-0ubuntu0.13.04.1
released
thunderbird
lucid
ignored
precise
Fixed 1:24.0+build1-0ubuntu0.12.04.1
released
quantal
Fixed 1:24.0+build1-0ubuntu0.12.10.1
released
raring
Fixed 1:24.0+build1-0ubuntu0.13.04.1
released
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
http://www.mozilla.org/security/announce/2013/mfsa2013-85.html
http://www.securityfocus.com/bid/62468
http://www.ubuntu.com/usn/USN-1951-1
http://www.ubuntu.com/usn/USN-1952-1
https://bugzilla.mozilla.org/show_bug.cgi?id=883686
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18902
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
http://www.mozilla.org/security/announce/2013/mfsa2013-85.html
http://www.securityfocus.com/bid/62468
http://www.ubuntu.com/usn/USN-1951-1
http://www.ubuntu.com/usn/USN-1952-1
https://bugzilla.mozilla.org/show_bug.cgi?id=883686
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18902