What is the severity of CVE-2013-1680?

CVE-2013-1680 is classified as a critical vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service.

How do I fix CVE-2013-1680?

To fix CVE-2013-1680, upgrade Mozilla Firefox to version 21.0 or later, Firefox ESR to version 17.0.6 or later, or Thunderbird to version 17.0.6 or later.

Which versions of Firefox are affected by CVE-2013-1680?

CVE-2013-1680 affects Mozilla Firefox versions prior to 21.0, specifically 20.0.1 and earlier.

Which versions of Thunderbird are impacted by CVE-2013-1680?

CVE-2013-1680 impacts Thunderbird versions prior to 17.0.6, including 17.0 and earlier.

Vulnerability/
CVE-2013-1680

critical

CWE

119 416

16/5/2013

21/10/2024

CVE-2013-1680: Buffer Overflow

Q: What type of vulnerability is CVE-2013-1680?

CVE-2013-1680 is a use-after-free vulnerability in the nsFrameList::FirstChild function.

First published: Thu May 16 2013(Updated: )

Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	<=20.0.1
Mozilla Firefox	=19.0
Mozilla Firefox	=19.0.1
Mozilla Firefox	=19.0.2
Mozilla Firefox	=20.0
Mozilla Firefox ESR	=17.0
Mozilla Firefox ESR	=17.0.1
Mozilla Firefox ESR	=17.0.2
Mozilla Firefox ESR	=17.0.3
Mozilla Firefox ESR	=17.0.4
Mozilla Firefox ESR	=17.0.5
Mozilla Thunderbird	<=17.0.5
Mozilla Thunderbird	=17.0
Mozilla Thunderbird	=17.0.1
Mozilla Thunderbird	=17.0.2
Mozilla Thunderbird	=17.0.3
Mozilla Thunderbird	=17.0.4
Mozilla Thunderbird ESR	=17.0
Mozilla Thunderbird ESR	=17.0.1
Mozilla Thunderbird ESR	=17.0.2
Mozilla Thunderbird ESR	=17.0.3
Mozilla Thunderbird ESR	=17.0.4
Mozilla Thunderbird ESR	=17.0.5
Mozilla Firefox	=17.0
Mozilla Firefox	=17.0.1
Mozilla Firefox	=17.0.2
Mozilla Firefox	=17.0.3
Mozilla Firefox	=17.0.4
Mozilla Firefox	=17.0.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1680?
CVE-2013-1680 is classified as a critical vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service.
How do I fix CVE-2013-1680?
To fix CVE-2013-1680, upgrade Mozilla Firefox to version 21.0 or later, Firefox ESR to version 17.0.6 or later, or Thunderbird to version 17.0.6 or later.
Which versions of Firefox are affected by CVE-2013-1680?
CVE-2013-1680 affects Mozilla Firefox versions prior to 21.0, specifically 20.0.1 and earlier.
Which versions of Thunderbird are impacted by CVE-2013-1680?
CVE-2013-1680 impacts Thunderbird versions prior to 17.0.6, including 17.0 and earlier.
What type of vulnerability is CVE-2013-1680?
CVE-2013-1680 is a use-after-free vulnerability in the nsFrameList::FirstChild function.

agent/weakness
agent/type
agent/severity
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/event
agent/author
agent/last-modified-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/softwarecombine
agent/source
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/20.0.1
version/mozilla firefox/19.0
version/mozilla firefox/19.0.1
version/mozilla firefox/19.0.2
version/mozilla firefox/20.0
canonical/mozilla firefox esr
version/mozilla firefox esr/17.0
version/mozilla firefox esr/17.0.1
version/mozilla firefox esr/17.0.2
version/mozilla firefox esr/17.0.3
version/mozilla firefox esr/17.0.4
version/mozilla firefox esr/17.0.5
canonical/mozilla thunderbird
version/mozilla thunderbird/17.0.5
version/mozilla thunderbird/17.0
version/mozilla thunderbird/17.0.1
version/mozilla thunderbird/17.0.2
version/mozilla thunderbird/17.0.3
version/mozilla thunderbird/17.0.4
canonical/mozilla thunderbird esr
version/mozilla thunderbird esr/17.0
version/mozilla thunderbird esr/17.0.1
version/mozilla thunderbird esr/17.0.2
version/mozilla thunderbird esr/17.0.3
version/mozilla thunderbird esr/17.0.4
version/mozilla thunderbird esr/17.0.5
version/mozilla firefox/17.0
version/mozilla firefox/17.0.1
version/mozilla firefox/17.0.2
version/mozilla firefox/17.0.3
version/mozilla firefox/17.0.4
version/mozilla firefox/17.0.5

Frequently Asked Questions

What is the severity of CVE-2013-1680?
CVE-2013-1680 is classified as a critical vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service.
How do I fix CVE-2013-1680?
To fix CVE-2013-1680, upgrade Mozilla Firefox to version 21.0 or later, Firefox ESR to version 17.0.6 or later, or Thunderbird to version 17.0.6 or later.
Which versions of Firefox are affected by CVE-2013-1680?
CVE-2013-1680 affects Mozilla Firefox versions prior to 21.0, specifically 20.0.1 and earlier.
Which versions of Thunderbird are impacted by CVE-2013-1680?
CVE-2013-1680 impacts Thunderbird versions prior to 17.0.6, including 17.0 and earlier.
What type of vulnerability is CVE-2013-1680?
CVE-2013-1680 is a use-after-free vulnerability in the nsFrameList::FirstChild function.

CVE-2013-1680: Buffer Overflow

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1680?

How do I fix CVE-2013-1680?

Which versions of Firefox are affected by CVE-2013-1680?

Which versions of Thunderbird are impacted by CVE-2013-1680?

What type of vulnerability is CVE-2013-1680?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-1680?

How do I fix CVE-2013-1680?

Which versions of Firefox are affected by CVE-2013-1680?

Which versions of Thunderbird are impacted by CVE-2013-1680?

What type of vulnerability is CVE-2013-1680?