Vulnerability CVE-2013-1708


Published: 2013-08-06   Modified: 2013-08-07

Description:
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.

Type:

CWE-noinfo

Vendor: Mozilla
Product: Firefox 
Version:
22.0
21.0
20.0.1
19.0.2
19.0.1
19.0
Product: Firefox
Version: 20.0;
Product: Seamonkey 
Version:
2.9.1
2.9
2.8
2.7.2
2.7.1
2.7
2.6.1
2.6
2.5
2.4.1
2.4
2.3.3
2.3.2
2.3.1
2.3
2.20
2.19
2.18
2.17.1
2.17
2.16.2
2.16.1
2.16
2.15.2
2.15.1
2.15
2.14
2.13.2
2.13.1
2.13
2.12.1
2.12
2.11
2.10.1
2.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.1
2.0

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

 References:
https://bugzilla.mozilla.org/show_bug.cgi?id=879924
http://www.mozilla.org/security/announce/2013/mfsa2013-67.html

Related CVE
CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS ...
CVE-2018-5123
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.3...
CVE-2019-9813
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
CVE-2019-9809
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for ...
CVE-2019-9808
If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which s...
CVE-2019-9807
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects...

Copyright 2019, cxsecurity.com

 
