Vulnerability details: VCID-xkxv-s1av-ukab
Vulnerability ID VCID-xkxv-s1av-ukab
Aliases CVE-2013-1675
Summary Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to an information leakage to sites depending on the contents of this uninitialized memory. In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
cvssv3.1 6.5 http://rhn.redhat.com/errata/RHSA-2013-0820.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2013-0820.html
cvssv3.1 6.5 http://rhn.redhat.com/errata/RHSA-2013-0821.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2013-0821.html
epss 0.02572 https://api.first.org/data/v1/epss?cve=CVE-2013-1675
cvssv3.1 6.5 https://bugzilla.mozilla.org/show_bug.cgi?id=866825
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=866825
cvssv3.1 6.5 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976
ssvc Track https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2013-47
cvssv3.1 6.5 http://www.debian.org/security/2013/dsa-2699
ssvc Track http://www.debian.org/security/2013/dsa-2699
cvssv3.1 6.5 http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
ssvc Track http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
cvssv3.1 6.5 http://www.mozilla.org/security/announce/2013/mfsa2013-47.html
ssvc Track http://www.mozilla.org/security/announce/2013/mfsa2013-47.html
cvssv3.1 6.5 http://www.securityfocus.com/bid/59858
ssvc Track http://www.securityfocus.com/bid/59858
cvssv3.1 6.5 http://www.ubuntu.com/usn/USN-1822-1
ssvc Track http://www.ubuntu.com/usn/USN-1822-1
cvssv3.1 6.5 http://www.ubuntu.com/usn/USN-1823-1
ssvc Track http://www.ubuntu.com/usn/USN-1823-1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1675.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1675
59858 http://www.securityfocus.com/bid/59858
962601 https://bugzilla.redhat.com/show_bug.cgi?id=962601
advisories?name=MDVSA-2013:165 http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
CVE-2013-1675 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675
dsa-2699 http://www.debian.org/security/2013/dsa-2699
mfsa2013-47 https://www.mozilla.org/en-US/security/advisories/mfsa2013-47
mfsa2013-47.html http://www.mozilla.org/security/announce/2013/mfsa2013-47.html
msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
msg00008.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
oval%3Aorg.mitre.oval%3Adef%3A16976 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976
RHSA-2013:0820 https://access.redhat.com/errata/RHSA-2013:0820
RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0820.html
RHSA-2013:0821 https://access.redhat.com/errata/RHSA-2013:0821
RHSA-2013-0821.html http://rhn.redhat.com/errata/RHSA-2013-0821.html
show_bug.cgi?id=866825 https://bugzilla.mozilla.org/show_bug.cgi?id=866825
USN-1822-1 https://usn.ubuntu.com/1822-1/
USN-1822-1 http://www.ubuntu.com/usn/USN-1822-1
USN-1823-1 https://usn.ubuntu.com/1823-1/
USN-1823-1 http://www.ubuntu.com/usn/USN-1823-1
Data source KEV
Date added March 3, 2022
Description Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Required action Apply updates per vendor instructions.
Due date March 24, 2022
Note
https://nvd.nist.gov/vuln/detail/CVE-2013-1675
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): none; Availability Impact (A): none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2013-0820.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0820.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2013-0821.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0821.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=866825
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=866825
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.debian.org/security/2013/dsa-2699
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://www.debian.org/security/2013/dsa-2699
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.mozilla.org/security/announce/2013/mfsa2013-47.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://www.mozilla.org/security/announce/2013/mfsa2013-47.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.securityfocus.com/bid/59858
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://www.securityfocus.com/bid/59858
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.ubuntu.com/usn/USN-1822-1
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://www.ubuntu.com/usn/USN-1822-1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://www.ubuntu.com/usn/USN-1823-1
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T12:51:27Z/ Found at http://www.ubuntu.com/usn/USN-1823-1
Exploit Prediction Scoring System (EPSS)
Percentile 0.84958
EPSS Score 0.02572
Published At Aug. 8, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:21.128299+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2013/mfsa2013-47.md 37.0.0