What is the severity of CVE-2013-1674?

CVE-2013-1674 has a high severity due to its potential to allow remote attackers to execute arbitrary code.

How do I fix CVE-2013-1674?

To fix CVE-2013-1674, update Mozilla Firefox to version 21.0 or later, or update affected Thunderbird versions to 17.0.6 or later.

Which software versions are affected by CVE-2013-1674?

CVE-2013-1674 affects Mozilla Firefox versions before 21.0, Firefox ESR versions before 17.0.6, and Thunderbird versions before 17.0.6.

What can an attacker do exploiting CVE-2013-1674?

An attacker exploiting CVE-2013-1674 can potentially execute arbitrary code on a victim's system.

Is there a workaround for CVE-2013-1674 until I can update?

Currently, there are no recommended workarounds for CVE-2013-1674; updating to the latest versions is the best approach.

Vulnerability/
CVE-2013-1674

critical

9.3

CWE

399 416

16/5/2013

21/10/2024

CVE-2013-1674: Use After Free

First published: Thu May 16 2013(Updated: )

Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	<=20.0.1
Mozilla Firefox	=19.0
Mozilla Firefox	=19.0.1
Mozilla Firefox	=19.0.2
Mozilla Firefox	=20.0
Mozilla Firefox ESR	=17.0
Mozilla Firefox ESR	=17.0.1
Mozilla Firefox ESR	=17.0.2
Mozilla Firefox ESR	=17.0.3
Mozilla Firefox ESR	=17.0.4
Mozilla Firefox ESR	=17.0.5
Mozilla Thunderbird	<=17.0.5
Mozilla Thunderbird	=17.0
Mozilla Thunderbird	=17.0.1
Mozilla Thunderbird	=17.0.2
Mozilla Thunderbird	=17.0.3
Mozilla Thunderbird	=17.0.4
Mozilla Thunderbird ESR	=17.0
Mozilla Thunderbird ESR	=17.0.1
Mozilla Thunderbird ESR	=17.0.2
Mozilla Thunderbird ESR	=17.0.3
Mozilla Thunderbird ESR	=17.0.4
Mozilla Thunderbird ESR	=17.0.5
Mozilla Firefox	=17.0
Mozilla Firefox	=17.0.1
Mozilla Firefox	=17.0.2
Mozilla Firefox	=17.0.3
Mozilla Firefox	=17.0.4
Mozilla Firefox	=17.0.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1674?
CVE-2013-1674 has a high severity due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2013-1674?
To fix CVE-2013-1674, update Mozilla Firefox to version 21.0 or later, or update affected Thunderbird versions to 17.0.6 or later.
Which software versions are affected by CVE-2013-1674?
CVE-2013-1674 affects Mozilla Firefox versions before 21.0, Firefox ESR versions before 17.0.6, and Thunderbird versions before 17.0.6.
What can an attacker do exploiting CVE-2013-1674?
An attacker exploiting CVE-2013-1674 can potentially execute arbitrary code on a victim's system.
Is there a workaround for CVE-2013-1674 until I can update?
Currently, there are no recommended workarounds for CVE-2013-1674; updating to the latest versions is the best approach.

agent/type
agent/references
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/event
agent/author
agent/last-modified-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/softwarecombine
agent/source
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/20.0.1
version/mozilla firefox/19.0
version/mozilla firefox/19.0.1
version/mozilla firefox/19.0.2
version/mozilla firefox/20.0
canonical/mozilla firefox esr
version/mozilla firefox esr/17.0
version/mozilla firefox esr/17.0.1
version/mozilla firefox esr/17.0.2
version/mozilla firefox esr/17.0.3
version/mozilla firefox esr/17.0.4
version/mozilla firefox esr/17.0.5
canonical/mozilla thunderbird
version/mozilla thunderbird/17.0.5
version/mozilla thunderbird/17.0
version/mozilla thunderbird/17.0.1
version/mozilla thunderbird/17.0.2
version/mozilla thunderbird/17.0.3
version/mozilla thunderbird/17.0.4
canonical/mozilla thunderbird esr
version/mozilla thunderbird esr/17.0
version/mozilla thunderbird esr/17.0.1
version/mozilla thunderbird esr/17.0.2
version/mozilla thunderbird esr/17.0.3
version/mozilla thunderbird esr/17.0.4
version/mozilla thunderbird esr/17.0.5
version/mozilla firefox/17.0
version/mozilla firefox/17.0.1
version/mozilla firefox/17.0.2
version/mozilla firefox/17.0.3
version/mozilla firefox/17.0.4
version/mozilla firefox/17.0.5

Frequently Asked Questions

What is the severity of CVE-2013-1674?
CVE-2013-1674 has a high severity due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2013-1674?
To fix CVE-2013-1674, update Mozilla Firefox to version 21.0 or later, or update affected Thunderbird versions to 17.0.6 or later.
Which software versions are affected by CVE-2013-1674?
CVE-2013-1674 affects Mozilla Firefox versions before 21.0, Firefox ESR versions before 17.0.6, and Thunderbird versions before 17.0.6.
What can an attacker do exploiting CVE-2013-1674?
An attacker exploiting CVE-2013-1674 can potentially execute arbitrary code on a victim's system.
Is there a workaround for CVE-2013-1674 until I can update?
Currently, there are no recommended workarounds for CVE-2013-1674; updating to the latest versions is the best approach.

CVE-2013-1674: Use After Free

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1674?

How do I fix CVE-2013-1674?

Which software versions are affected by CVE-2013-1674?

What can an attacker do exploiting CVE-2013-1674?

Is there a workaround for CVE-2013-1674 until I can update?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-1674?

How do I fix CVE-2013-1674?

Which software versions are affected by CVE-2013-1674?

What can an attacker do exploiting CVE-2013-1674?

Is there a workaround for CVE-2013-1674 until I can update?