Vulnerability details: VCID-368v-xqy3-37gn
Vulnerability ID VCID-368v-xqy3-37gn
Aliases CVE-2013-1690
Summary Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1 8.8 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
cvssv3.1 8.8 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
cvssv3.1 8.8 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
cvssv3.1 8.8 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
cvssv3.1 8.8 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html
cvssv3.1 8.8 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html
ssvc Attend http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html
cvssv3.1 8.8 http://rhn.redhat.com/errata/RHSA-2013-0981.html
ssvc Attend http://rhn.redhat.com/errata/RHSA-2013-0981.html
cvssv3.1 8.8 http://rhn.redhat.com/errata/RHSA-2013-0982.html
ssvc Attend http://rhn.redhat.com/errata/RHSA-2013-0982.html
epss 0.48488 https://api.first.org/data/v1/epss?cve=CVE-2013-1690
cvssv3.1 8.8 https://bugzilla.mozilla.org/show_bug.cgi?id=857883
ssvc Attend https://bugzilla.mozilla.org/show_bug.cgi?id=857883
cvssv3.1 8.8 https://bugzilla.mozilla.org/show_bug.cgi?id=901365
ssvc Attend https://bugzilla.mozilla.org/show_bug.cgi?id=901365
cvssv3.1 8.8 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996
ssvc Attend https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2013-53
cvssv3.1 8.8 http://www.debian.org/security/2013/dsa-2716
ssvc Attend http://www.debian.org/security/2013/dsa-2716
cvssv3.1 8.8 http://www.debian.org/security/2013/dsa-2720
ssvc Attend http://www.debian.org/security/2013/dsa-2720
cvssv3.1 8.8 http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
ssvc Attend http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
cvssv3.1 8.8 http://www.securityfocus.com/bid/60778
ssvc Attend http://www.securityfocus.com/bid/60778
cvssv3.1 8.8 http://www.ubuntu.com/usn/USN-1890-1
ssvc Attend http://www.ubuntu.com/usn/USN-1890-1
cvssv3.1 8.8 http://www.ubuntu.com/usn/USN-1891-1
ssvc Attend http://www.ubuntu.com/usn/USN-1891-1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1690.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1690
60778 http://www.securityfocus.com/bid/60778
977602 https://bugzilla.redhat.com/show_bug.cgi?id=977602
CVE-2013-1690 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
CVE-2013-1690;OSVDB-94584 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/27429.rb
dsa-2716 http://www.debian.org/security/2013/dsa-2716
dsa-2720 http://www.debian.org/security/2013/dsa-2720
mfsa2013-53 https://www.mozilla.org/en-US/security/advisories/mfsa2013-53
mfsa2013-53.html http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html
msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html
oval%3Aorg.mitre.oval%3Adef%3A16996 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996
RHSA-2013:0981 https://access.redhat.com/errata/RHSA-2013:0981
RHSA-2013-0981.html http://rhn.redhat.com/errata/RHSA-2013-0981.html
RHSA-2013:0982 https://access.redhat.com/errata/RHSA-2013:0982
RHSA-2013-0982.html http://rhn.redhat.com/errata/RHSA-2013-0982.html
show_bug.cgi?id=857883 https://bugzilla.mozilla.org/show_bug.cgi?id=857883
show_bug.cgi?id=901365 https://bugzilla.mozilla.org/show_bug.cgi?id=901365
USN-1890-1 https://usn.ubuntu.com/1890-1/
USN-1890-1 http://www.ubuntu.com/usn/USN-1890-1
USN-1891-1 https://usn.ubuntu.com/1891-1/
USN-1891-1 http://www.ubuntu.com/usn/USN-1891-1
Data source Exploit-DB
Date added Aug. 8, 2013
Description Mozilla Firefox - onreadystatechange Event DocumentViewerImpl Use-After-Free (Metasploit)
Ransomware campaign use Known
Source publication date Aug. 8, 2013
Exploit type remote
Platform windows
Source update date Aug. 8, 2013
Data source KEV
Date added March 28, 2022
Description Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.
Required action Apply updates per vendor instructions.
Due date April 18, 2022
Note
https://nvd.nist.gov/vuln/detail/CVE-2013-1690
Ransomware campaign use Unknown
Data source Metasploit
Description This module exploits a vulnerability found on Firefox 17.0.6, specifically a use after free of a DocumentViewerImpl object, triggered via a specially crafted web page using onreadystatechange events and the window.stop() API, as exploited in the wild on 2013 August to target Tor Browser users.
Note
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date June 25, 2013
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/browser/mozilla_firefox_onreadystatechange.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2013-0981.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0981.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2013-0982.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0982.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=857883
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=857883
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=901365
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=901365
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2013/dsa-2716
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://www.debian.org/security/2013/dsa-2716
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2013/dsa-2720
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://www.debian.org/security/2013/dsa-2720
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/60778
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://www.securityfocus.com/bid/60778
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-1890-1
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://www.ubuntu.com/usn/USN-1890-1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-1891-1
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:51:14Z/ Found at http://www.ubuntu.com/usn/USN-1891-1
Exploit Prediction Scoring System (EPSS)
Percentile 0.97649
EPSS Score 0.48488
Published At Aug. 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:17.438450+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2013/mfsa2013-53.md 37.0.0