CVE-2013-1675

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

ozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0820.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0821.html	Third Party Advisory
http://www.debian.org/security/2013/dsa-2699	Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165	Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-47.html	Vendor Advisory
http://www.securityfocus.com/bid/59858	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1822-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1823-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=866825	Exploit Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0820.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0821.html	Third Party Advisory
http://www.debian.org/security/2013/dsa-2699	Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165	Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-47.html	Vendor Advisory
http://www.securityfocus.com/bid/59858	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1822-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1823-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=866825	Exploit Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976	Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1675

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird_esr::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:5.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:5.9_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:5.9_ppc:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.4_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus_from_rhui:5.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus_from_rhui:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*

History

22 Oct 2025, 01:15

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1675 -

21 Oct 2025, 20:16

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1675', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1675 -

21 Nov 2024, 01:50

21 Oct 2024, 13:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr::::::::

16 Jul 2024, 17:35

Information

Published : 2013-05-16 11:45

Updated : 2025-10-22 01:15

NVD link : CVE-2013-1675

Mitre link : CVE-2013-1675

CVE.ORG link : CVE-2013-1675

JSON object : View

Products Affected

mozilla

redhat

opensuse

opensuse

canonical

ubuntu_linux

debian

debian_linux

CWE

CWE-665

Improper Initialization

Type	Values Removed	Values Added
CWE	~~CWE-119~~	CWE-665
CVSS	v2 : ~~4.3~~ v3 : ~~unknown~~	v2 : 4.3 v3 : 6.5
First Time		Canonical ubuntu Linux Redhat enterprise Linux Eus Canonical Redhat enterprise Linux For Power Big Endian Redhat Redhat enterprise Linux Server Aus Redhat enterprise Linux For Power Big Endian Eus Redhat gluster Storage Server For On-premise Redhat enterprise Linux Server Eus From Rhui Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux Workstation Debian debian Linux Redhat enterprise Linux Server Opensuse Redhat enterprise Linux Desktop Opensuse opensuse Redhat enterprise Linux For Ibm Z Systems Eus Debian Redhat enterprise Linux For Scientific Computing
References	~~() http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html - Mailing List, Third Party Advisory
References	~~() http://rhn.redhat.com/errata/RHSA-2013-0820.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-0820.html - Third Party Advisory
References	~~() http://rhn.redhat.com/errata/RHSA-2013-0821.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-0821.html - Third Party Advisory
References	~~() http://www.debian.org/security/2013/dsa-2699 -~~	() http://www.debian.org/security/2013/dsa-2699 - Mailing List
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2013:165 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2013:165 - Broken Link
References	~~() http://www.securityfocus.com/bid/59858 -~~	() http://www.securityfocus.com/bid/59858 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.ubuntu.com/usn/USN-1822-1 -~~	() http://www.ubuntu.com/usn/USN-1822-1 - Third Party Advisory
References	~~() http://www.ubuntu.com/usn/USN-1823-1 -~~	() http://www.ubuntu.com/usn/USN-1823-1 - Third Party Advisory
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=866825 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=866825 - Exploit, Issue Tracking
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976 - Broken Link
CPE	cpe:2.3:a:mozilla:thunderbird:17.0:::::::* cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:::::::* cpe:2.3:a:mozilla:firefox:19.0.2:::::::* cpe:2.3:a:mozilla:firefox_esr:17.0.2:::::::* cpe:2.3:a:mozilla:thunderbird_esr:17.0:::::::* cpe:2.3:a:mozilla:firefox:20.0:::::::* cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:::::::* cpe:2.3:a:mozilla:firefox_esr:17.0.3:::::::* cpe:2.3:a:mozilla:firefox:19.0:::::::* cpe:2.3:a:mozilla:thunderbird:17.0.1:::::::* cpe:2.3:a:mozilla:thunderbird:17.0.2:::::::* cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:::::::* cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:::::::* cpe:2.3:a:mozilla:firefox_esr:17.0.1:::::::* cpe:2.3:a:mozilla:thunderbird:17.0.3:::::::* cpe:2.3:a:mozilla:firefox:19.0.1:::::::* cpe:2.3:a:mozilla:thunderbird:17.0.4:::::::* cpe:2.3:a:mozilla:firefox_esr:17.0.5:::::::* cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:::::::* cpe:2.3:a:mozilla:firefox_esr:17.0:::::::* cpe:2.3:a:mozilla:firefox_esr:17.0.4:::::::*	cpe:2.3:a:mozilla:thunderbird_esr:::::::: cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::* cpe:2.3:a:mozilla:firefox_esr:::::::: cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::::-::: cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:::::::* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::* cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:::::::* cpe:2.3:o:redhat:enterprise_linux_server_eus_from_rhui:5.9:::::::* cpe:2.3:o:opensuse:opensuse:12.3:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:5.9:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.4_ppc64:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:o:opensuse:opensuse:12.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:6.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_eus_from_rhui:6.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:5.9_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:5.9_ppc:::::::*

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2013-1675

6.5^/10

4.3^/10

Attach tags to `CVE-2013-1675`