CVE-2013-1675

6.5 MEDIUM CISA KEV - Actively Exploited
Published: May 16, 2013 Modified: October 22, 2025
View on NVD

Description

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
Source: security@mozilla.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
Source: security@mozilla.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
Source: security@mozilla.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
Source: security@mozilla.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
Source: security@mozilla.org
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0820.html
Source: security@mozilla.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0821.html
Source: security@mozilla.org
Third Party Advisory
http://www.debian.org/security/2013/dsa-2699
Source: security@mozilla.org
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
Source: security@mozilla.org
Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-47.html
Source: security@mozilla.org
Vendor Advisory
http://www.securityfocus.com/bid/59858
Source: security@mozilla.org
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1822-1
Source: security@mozilla.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1823-1
Source: security@mozilla.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=866825
Source: security@mozilla.org
Exploit Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976
Source: security@mozilla.org
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0820.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0821.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2013/dsa-2699
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-47.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/59858
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1822-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1823-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=866825
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1675
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

31 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.5 / 10.0
EPSS (Exploit Probability)
4.7%
89th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-03-24

Weaknesses (CWE)

CWE-665 CWE-665

Affected Vendors

redhat canonical mozilla debian opensuse

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3