MEDIUM 6.5 KEV Publié le 2013-05-16

CVE-2013-1675

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA Known Exploited Vulnerability

Ajouté au KEV: 2022-03-03
Deadline remédiation: 2022-03-24
Action requise: Apply updates per vendor instructions.
Ransomware: Non

Apps mobiles affectées

Firefox : Navigateur privé

Android

org.mozilla.firefox

1 CVE 1 KEV

Firefox: Navigateur Internet

iOS

org.mozilla.ios.Firefox

1 CVE 1 KEV

Configurations CPE vulnérables

Vendor	Produit	Plateforme	Versions	CPE 2.3 URI
mozilla	firefox	Android	<21.0	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	iOS	<21.0	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	Android	≥17.0 <17.0.6	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	iOS	≥17.0 <17.0.6	cpe:2.3:a:mozilla:firefox::::::::

Voir sur NVD ↗ Catalogue CISA KEV ↗