Vulnerability CVE-2013-1708


Published: 2013-08-06   Modified: 2013-08-09

Description:
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.

Type:

CWE-noinfo

Vendor: VENDOR
Product: PRODUCT 
Version: VERSION;
Vendor: Mozilla
Product: Firefox 
Version:
22.0
21.0
20.0.1
19.0.2
19.0.1
19.0
Product: Firef14caox 
Version: 20.0;
Product: Seamonkey 
Version:
2.9.1
2.9
2.8
2.7.2
2.7.1
2.7
2.6.1
2.6
2.5
2.4.1
2.4
2.3.3
2.3.2
2.3.1
2.3
2.20
2.19
2.18
2.17.1
2.17
2.16.2
2.16.1
2.16
2.15.2
2.15.1
2.15
2.14
2.13.2
2.13.1
2.13
2.12.1
2.12
2.11
2.10.1
2.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.1
2.0

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://bugzilla.mozilla.org/show_bug.cgi?id=879924
http://www.mozilla.org/security/announce/2013/mfsa2013-67.html

Related CVE
CVE-2007-5341
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVE-2017-7502
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
CVE-2017-5461
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other i...
CVE-2016-2803
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.
CVE-2016-5284
Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificat...
CVE-2016-5282
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resiz...
CVE-2016-5280
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

Copyright 2017, cxsecurity.com

 

Back to Top