What is the severity of CVE-2013-1684?

CVE-2013-1684 is classified as a critical vulnerability due to its potential to allow remote code execution.

How do I fix CVE-2013-1684?

To fix CVE-2013-1684, update your Mozilla Firefox or Thunderbird to version 22.0 or later, or ensure you are using Firefox ESR versions 17.0.7 or later.

What software is affected by CVE-2013-1684?

CVE-2013-1684 affects Mozilla Firefox versions before 22.0, along with early versions of Thunderbird and their ESR counterparts prior to 17.0.7.

What types of attacks can exploit CVE-2013-1684?

CVE-2013-1684 can be exploited by attackers to execute arbitrary code or cause a denial of service condition.

Is there a workaround for CVE-2013-1684 if I can't update immediately?

There are no significant workarounds available for CVE-2013-1684 other than updating to a safe version of the affected software.

Vulnerability/
CVE-2013-1684

critical

9.3

CWE

399 416

26/6/2013

21/10/2024

CVE-2013-1684: Use After Free

First published: Wed Jun 26 2013(Updated: )

Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	<=21.0
Mozilla Firefox	=19.0
Mozilla Firefox	=19.0.1
Mozilla Firefox	=19.0.2
Mozilla Firefox	=20.0
Mozilla Firefox	=20.0.1
Mozilla Firefox	=17.0
Mozilla Firefox	=17.0.1
Mozilla Firefox	=17.0.2
Mozilla Firefox	=17.0.3
Mozilla Firefox	=17.0.4
Mozilla Firefox	=17.0.5
Mozilla Firefox	=17.0.6
Mozilla Thunderbird	<=17.0.6
Mozilla Thunderbird	=17.0
Mozilla Thunderbird	=17.0.1
Mozilla Thunderbird	=17.0.2
Mozilla Thunderbird	=17.0.3
Mozilla Thunderbird	=17.0.4
Mozilla Thunderbird	=17.0.5
Mozilla Thunderbird ESR	=17.0
Mozilla Thunderbird ESR	=17.0.1
Mozilla Thunderbird ESR	=17.0.2
Mozilla Thunderbird ESR	=17.0.3
Mozilla Thunderbird ESR	=17.0.4
Mozilla Thunderbird ESR	=17.0.5
Mozilla Thunderbird ESR	=17.0.6
Mozilla Firefox ESR	=17.0
Mozilla Firefox ESR	=17.0.1
Mozilla Firefox ESR	=17.0.2
Mozilla Firefox ESR	=17.0.3
Mozilla Firefox ESR	=17.0.4
Mozilla Firefox ESR	=17.0.5
Mozilla Firefox ESR	=17.0.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1684?
CVE-2013-1684 is classified as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2013-1684?
To fix CVE-2013-1684, update your Mozilla Firefox or Thunderbird to version 22.0 or later, or ensure you are using Firefox ESR versions 17.0.7 or later.
What software is affected by CVE-2013-1684?
CVE-2013-1684 affects Mozilla Firefox versions before 22.0, along with early versions of Thunderbird and their ESR counterparts prior to 17.0.7.
What types of attacks can exploit CVE-2013-1684?
CVE-2013-1684 can be exploited by attackers to execute arbitrary code or cause a denial of service condition.
Is there a workaround for CVE-2013-1684 if I can't update immediately?
There are no significant workarounds available for CVE-2013-1684 other than updating to a safe version of the affected software.

agent/references
agent/type
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/event
agent/author
agent/last-modified-date
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
agent/source
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/21.0
version/mozilla firefox/19.0
version/mozilla firefox/19.0.1
version/mozilla firefox/19.0.2
version/mozilla firefox/20.0
version/mozilla firefox/20.0.1
version/mozilla firefox/17.0
version/mozilla firefox/17.0.1
version/mozilla firefox/17.0.2
version/mozilla firefox/17.0.3
version/mozilla firefox/17.0.4
version/mozilla firefox/17.0.5
version/mozilla firefox/17.0.6
canonical/mozilla thunderbird
version/mozilla thunderbird/17.0.6
version/mozilla thunderbird/17.0
version/mozilla thunderbird/17.0.1
version/mozilla thunderbird/17.0.2
version/mozilla thunderbird/17.0.3
version/mozilla thunderbird/17.0.4
version/mozilla thunderbird/17.0.5
canonical/mozilla thunderbird esr
version/mozilla thunderbird esr/17.0
version/mozilla thunderbird esr/17.0.1
version/mozilla thunderbird esr/17.0.2
version/mozilla thunderbird esr/17.0.3
version/mozilla thunderbird esr/17.0.4
version/mozilla thunderbird esr/17.0.5
version/mozilla thunderbird esr/17.0.6
canonical/mozilla firefox esr
version/mozilla firefox esr/17.0
version/mozilla firefox esr/17.0.1
version/mozilla firefox esr/17.0.2
version/mozilla firefox esr/17.0.3
version/mozilla firefox esr/17.0.4
version/mozilla firefox esr/17.0.5
version/mozilla firefox esr/17.0.6

Frequently Asked Questions

What is the severity of CVE-2013-1684?
CVE-2013-1684 is classified as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2013-1684?
To fix CVE-2013-1684, update your Mozilla Firefox or Thunderbird to version 22.0 or later, or ensure you are using Firefox ESR versions 17.0.7 or later.
What software is affected by CVE-2013-1684?
CVE-2013-1684 affects Mozilla Firefox versions before 22.0, along with early versions of Thunderbird and their ESR counterparts prior to 17.0.7.
What types of attacks can exploit CVE-2013-1684?
CVE-2013-1684 can be exploited by attackers to execute arbitrary code or cause a denial of service condition.
Is there a workaround for CVE-2013-1684 if I can't update immediately?
There are no significant workarounds available for CVE-2013-1684 other than updating to a safe version of the affected software.

CVE-2013-1684: Use After Free

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1684?

How do I fix CVE-2013-1684?

What software is affected by CVE-2013-1684?

What types of attacks can exploit CVE-2013-1684?

Is there a workaround for CVE-2013-1684 if I can't update immediately?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-1684?

How do I fix CVE-2013-1684?

What software is affected by CVE-2013-1684?

What types of attacks can exploit CVE-2013-1684?

Is there a workaround for CVE-2013-1684 if I can't update immediately?