VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
epss	0.74572	https://api.first.org/data/v1/epss?cve=CVE-2013-0757
epss	0.74572	https://api.first.org/data/v1/epss?cve=CVE-2013-0757
epss	0.74572	https://api.first.org/data/v1/epss?cve=CVE-2013-0757
epss	0.74572	https://api.first.org/data/v1/epss?cve=CVE-2013-0757
epss	0.74572	https://api.first.org/data/v1/epss?cve=CVE-2013-0757
epss	0.74572	https://api.first.org/data/v1/epss?cve=CVE-2013-0757
epss	0.74572	https://api.first.org/data/v1/epss?cve=CVE-2013-0757
epss	0.74572	https://api.first.org/data/v1/epss?cve=CVE-2013-0757
epss	0.74572	https://api.first.org/data/v1/epss?cve=CVE-2013-0757
cvssv2	9.3	https://nvd.nist.gov/vuln/detail/CVE-2013-0757
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2013-14

System

Score

Found at

epss

0.74572

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

epss

0.74572

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

epss

0.74572

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

epss

0.74572

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

epss

0.74572

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

epss

0.74572

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

epss

0.74572

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

epss

0.74572

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

epss

0.74572

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

cvssv2

9.3

https://nvd.nist.gov/vuln/detail/CVE-2013-0757

generic_textual

high

https://www.mozilla.org/en-US/security/advisories/mfsa2013-14

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
		http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
		http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
		http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0757.json
		https://api.first.org/data/v1/epss?cve=CVE-2013-0757
		https://bugzilla.mozilla.org/show_bug.cgi?id=813901
		https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16939
		http://www.mozilla.org/security/announce/2013/mfsa2013-14.html
		http://www.ubuntu.com/usn/USN-1681-1
		http://www.ubuntu.com/usn/USN-1681-2
		http://www.ubuntu.com/usn/USN-1681-4
892147		https://bugzilla.redhat.com/show_bug.cgi?id=892147
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:seamonkey::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:seamonkey::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:a:mozilla:thunderbird_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr::::::::
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
cpe:2.3:o:opensuse:opensuse:11.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:::::::*
cpe:2.3:o:opensuse:opensuse:12.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.1:::::::*
cpe:2.3:o:opensuse:opensuse:12.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:::::::*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
cpe:2.3:o:suse:linux_enterprise_server:10:sp4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp4::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2::::::
CVE-2013-0757		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757
CVE-2013-0757		https://nvd.nist.gov/vuln/detail/CVE-2013-0757
CVE-2013-0758;CVE-2013-0757	Exploit	https://github.com/rapid7/metasploit-framework/blob/1d617ae3894222cfbbf6951fcd68fd2d1c1b15c6/modules/exploits/multi/http/git_client_command_exec.rb
CVE-2013-0758;CVE-2013-0757	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41684.rb
CVE-2013-0758;CVE-2013-0757;OSVDB-89020;OSVDB-89019	Exploit	https://github.com/rapid7/metasploit-framework/blob/b08d1ad8d8d6c0f5cb63cc44e3ff75efb9edb7b3/modules/exploits/multi/browser/firefox_svg_plugin.rb
CVE-2013-0758;CVE-2013-0757;OSVDB-89020;OSVDB-89019	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/41683.rb
GLSA-201309-23		https://security.gentoo.org/glsa/201309-23
mfsa2013-14		https://www.mozilla.org/en-US/security/advisories/mfsa2013-14
USN-1681-1		https://usn.ubuntu.com/1681-1/
USN-1681-2		https://usn.ubuntu.com/1681-2/

Reference id

Reference type

URL

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0757.json

https://api.first.org/data/v1/epss?cve=CVE-2013-0757

https://bugzilla.mozilla.org/show_bug.cgi?id=813901

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16939

http://www.mozilla.org/security/announce/2013/mfsa2013-14.html

http://www.ubuntu.com/usn/USN-1681-1

http://www.ubuntu.com/usn/USN-1681-2

http://www.ubuntu.com/usn/USN-1681-4

892147

https://bugzilla.redhat.com/show_bug.cgi?id=892147

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

CVE-2013-0757

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0757

CVE-2013-0757

https://nvd.nist.gov/vuln/detail/CVE-2013-0757

CVE-2013-0758;CVE-2013-0757

Exploit

https://github.com/rapid7/metasploit-framework/blob/1d617ae3894222cfbbf6951fcd68fd2d1c1b15c6/modules/exploits/multi/http/git_client_command_exec.rb

CVE-2013-0758;CVE-2013-0757

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41684.rb

CVE-2013-0758;CVE-2013-0757;OSVDB-89020;OSVDB-89019

Exploit

https://github.com/rapid7/metasploit-framework/blob/b08d1ad8d8d6c0f5cb63cc44e3ff75efb9edb7b3/modules/exploits/multi/browser/firefox_svg_plugin.rb

CVE-2013-0758;CVE-2013-0757;OSVDB-89020;OSVDB-89019

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/41683.rb

GLSA-201309-23

https://security.gentoo.org/glsa/201309-23

mfsa2013-14

https://www.mozilla.org/en-US/security/advisories/mfsa2013-14

USN-1681-1

https://usn.ubuntu.com/1681-1/

USN-1681-2

https://usn.ubuntu.com/1681-2/

Data source	Exploit-DB
Date added	March 23, 2017
Description	GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Ransomware campaign use	Known
Source publication date	Dec. 18, 2014
Exploit type	remote
Platform	multiple
Source update date	March 23, 2017
Source URL	https://github.com/rapid7/metasploit-framework/blob/1d617ae3894222cfbbf6951fcd68fd2d1c1b15c6/modules/exploits/multi/http/git_client_command_exec.rb

Exploit-DB

March 23, 2017

GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)

Known

Dec. 18, 2014

remote

multiple

March 23, 2017

https://github.com/rapid7/metasploit-framework/blob/1d617ae3894222cfbbf6951fcd68fd2d1c1b15c6/modules/exploits/multi/http/git_client_command_exec.rb

Data source	Metasploit
Description	This exploit gains remote code execution on Firefox 17 and 17.0.1, provided the user has installed Flash. No memory corruption is used. First, a Flash object is cloned into the anonymous content of the SVG "use" element in the <body> (CVE-2013-0758). From there, the Flash object can navigate a child frame to a URL in the chrome:// scheme. Then a separate exploit (CVE-2013-0757) is used to bypass the security wrapper around the child frame's window reference and inject code into the chrome:// context. Once we have injection into the chrome execution context, we can write the payload to disk, chmod it (if posix), and then execute. Note: Flash is used here to trigger the exploit but any Firefox plugin with script access should be able to trigger it.
Note	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
Ransomware campaign use	Unknown
Source publication date	Jan. 8, 2013
Platform	Firefox,Java,Linux,OSX,Solaris,Windows
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/firefox_svg_plugin.rb

Metasploit

This exploit gains remote code execution on Firefox 17 and 17.0.1, provided the user has installed Flash. No memory corruption is used. First, a Flash object is cloned into the anonymous content of the SVG "use" element in the <body> (CVE-2013-0758). From there, the Flash object can navigate a child frame to a URL in the chrome:// scheme. Then a separate exploit (CVE-2013-0757) is used to bypass the security wrapper around the child frame's window reference and inject code into the chrome:// context. Once we have injection into the chrome execution context, we can write the payload to disk, chmod it (if posix), and then execute. Note: Flash is used here to trigger the exploit but any Firefox plugin with script access should be able to trigger it.

Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects

Unknown

Jan. 8, 2013

Firefox,Java,Linux,OSX,Solaris,Windows

https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/firefox_svg_plugin.rb

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:02:28.521275+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201309-23	38.0.0

2026-04-01T13:02:28.521275+00:00

Gentoo Importer

Import

https://security.gentoo.org/glsa/201309-23

38.0.0

Vulnerability ID	VCID-161c-812n-ffen
Aliases	CVE-2013-0757
Summary	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Percentile	0.98842
EPSS Score	0.74572
Published At	April 1, 2026, 12:55 p.m.