CyberSec.Space Logo
Back to CVE Browser

CVE-2013-1679

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile1.84th
PublishedMay 16, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Firefox

<= 20.0.1
πŸ“¦
Mozilla

Firefox

= 19.0
πŸ“¦
Mozilla

Firefox

= 19.0.1
πŸ“¦
Mozilla

Firefox

= 19.0.2
πŸ“¦
Mozilla

Firefox

= 20.0
πŸ“¦
Mozilla

Firefox

= 17.0
πŸ“¦
Mozilla

Firefox

= 17.0.1
πŸ“¦
Mozilla

Firefox

= 17.0.2
πŸ“¦
Mozilla

Firefox

= 17.0.3
πŸ“¦
Mozilla

Firefox

= 17.0.4
πŸ“¦
Mozilla

Firefox

= 17.0.5
πŸ“¦
Mozilla

Thunderbird

<= 17.0.5
πŸ“¦
Mozilla

Thunderbird

= 17.0
πŸ“¦
Mozilla

Thunderbird

= 17.0.1
πŸ“¦
Mozilla

Thunderbird

= 17.0.2
πŸ“¦
Mozilla

Thunderbird

= 17.0.3
πŸ“¦
Mozilla

Thunderbird

= 17.0.4
πŸ“¦
Mozilla

Thunderbird Esr

= 17.0
πŸ“¦
Mozilla

Thunderbird Esr

= 17.0.1
πŸ“¦
Mozilla

Thunderbird Esr

= 17.0.2
πŸ“¦
Mozilla

Thunderbird Esr

= 17.0.3
πŸ“¦
Mozilla

Thunderbird Esr

= 17.0.4
πŸ“¦
Mozilla

Thunderbird Esr

= 17.0.5

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2013-0820.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2013-0821.html
πŸ”— http://www.debian.org/security/2013/dsa-2699

Related Vulnerabilities

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...