Vulnerability CVE-2013-1708


Published: 2013-08-06   Modified: 2013-08-07

Description:
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.

Type:

CWE-noinfo

Vendor: VENDOR
Product: PRODUCT 
Version: VERSION;
Vendor: Mozilla
Product: Firefox 
Version:
22.0
21.0
20.0.1
19.0.2
19.0.1
19.0
Product: Firef14caox 
Version: 20.0;
Product: Seamonkey 
Version:
2.9.1
2.9
2.8
2.7.2
2.7.1
2.7
2.6.1
2.6
2.5
2.4.1
2.4
2.3.3
2.3.2
2.3.1
2.3
2.20
2.19
2.18
2.17.1
2.17
2.16.2
2.16.1
2.16
2.15.2
2.15.1
2.15
2.14
2.13.2
2.13.1
2.13
2.12.1
2.12
2.11
2.10.1
2.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.1
2.0

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://bugzilla.mozilla.org/show_bug.cgi?id=879924
http://www.mozilla.org/security/announce/2013/mfsa2013-67.html

Related CVE
CVE-2016-9574
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
CVE-2018-8024
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause...
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the loc...
CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual mac...
CVE-2018-12433
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different...
CVE-2018-5185
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5184
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 5...

Copyright 2018, cxsecurity.com

 

Back to Top