CVE-2013-1675

Name: CVE-2013-1675
Creator: NVD / NIST
Published: 2013-05-16T11:45:30.877+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10Actively ExploitedEPSS 6.70%

Last modified Jun 16, 2026

CVE-2013-1675 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.. CISA has confirmed active exploitation in the wild. EPSS estimates a 6.70% chance of exploitation in the next 30 days.

Description

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Probability

6.70%

93.1th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Mar 24, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mozilla	Firefox	< 21.0
Mozilla	Firefox	>= 17.0, < 17.0.6
Mozilla	Thunderbird	< 17.0.6
Mozilla	Thunderbird Esr	>= 17.0, < 17.0.6
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	12.10
Canonical	Ubuntu Linux	13.04
Debian	Debian Linux	7.0
Redhat	Gluster Storage Server For On-Premise	2.1
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	5.9
Redhat	Enterprise Linux Eus	6.4
Redhat	Enterprise Linux For Ibm Z Systems	5.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems	6.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	5.9_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	6.4_s390x
Redhat	Enterprise Linux For Power Big Endian	5.0_ppc
Redhat	Enterprise Linux For Power Big Endian	6.0_ppc64
Redhat	Enterprise Linux For Power Big Endian Eus	5.9_ppc
Redhat	Enterprise Linux For Power Big Endian Eus	6.4_ppc64
Redhat	Enterprise Linux For Scientific Computing	6.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	5.9
Redhat	Enterprise Linux Server Aus	6.4
Redhat	Enterprise Linux Server Eus From Rhui	5.9
Redhat	Enterprise Linux Server Eus From Rhui	6.4
Redhat	Enterprise Linux Workstation	5.0
Redhat	Enterprise Linux Workstation	6.0
Opensuse	Opensuse	12.2
Opensuse	Opensuse	12.3

References

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0820.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0821.htmlThird Party Advisory
http://www.debian.org/security/2013/dsa-2699Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-47.htmlVendor Advisory
http://www.securityfocus.com/bid/59858Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1822-1Third Party Advisory
http://www.ubuntu.com/usn/USN-1823-1Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=866825Exploit, Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976Broken Link
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0820.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0821.htmlThird Party Advisory
http://www.debian.org/security/2013/dsa-2699Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-47.htmlVendor Advisory
http://www.securityfocus.com/bid/59858Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-1822-1Third Party Advisory
http://www.ubuntu.com/usn/USN-1823-1Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=866825Exploit, Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1675US Government Resource

Timeline

Published: May 16, 2013
Last Modified: Jun 16, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2013-1675?

How severe is CVE-2013-1675?

CVE-2013-1675 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 6.70% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2013-1675?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-1675?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST