Is CVE-2013-1690 actively exploited?

CVE-2013-1690 has no public evidence of in-the-wild exploitation as of 2025-10-22.

What is the CVSS score for CVE-2013-1690?

CVE-2013-1690 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

How do I patch CVE-2013-1690?

Patch guidance is available from mozilla security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2013-1690.

Fix CVE-2013-1690 - HIGH mozilla firefox

Q: Which products are affected by CVE-2013-1690?

34 products: mozilla firefox, mozilla firefox, mozilla thunderbird, mozilla thunderbird esr, canonical ubuntu linux, and 29 more.

Description

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-119 · Memory Buffer Errors CWE-119 · Memory Buffer Errors

Metadata

Primary Vendor: MOZILLA
Published: 6/26/2013
Last Modified: 10/22/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

mozilla : firefoxmozilla : firefoxmozilla : thunderbirdmozilla : thunderbird_esrcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxdebian : debian_linuxredhat : gluster_storage_server_for_on-premiseredhat : enterprise_linux_desktopredhat : enterprise_linux_desktopredhat : enterprise_linux_eusredhat : enterprise_linux_eusredhat : enterprise_linux_serverredhat : enterprise_linux_serverredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_workstationredhat : enterprise_linux_workstationopensuse : opensuseopensuse : opensuseopensuse : opensusesuse : linux_enterprise_desktopsuse : linux_enterprise_desktopsuse : linux_enterprise_desktopsuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_serversuse : linux_enterprise_software_development_kitsuse : linux_enterprise_software_development_kit

Remediation Guidance

Executive Summary

View on NIST NVD