CVE-2013-0770

Exp

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2013-01-13 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2013-0770 is rated High Exploit Risk (89.4/100): CVSS Critical severity, with high exploitation likelihood (EPSS 5.85%, 92th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +4.91% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2013-0770

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2013-0770

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.94% 5.85% +4.91%
2 2025-07-17 0.67% 0.94% +0.27%
3 2025-03-30 0.67%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-0770

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.3 2.0 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 8.6 10.0 [email protected]

Weakness enumeration for CVE-2013-0770

OS Trackers for CVE-2013-0770

vendor priority summary link
gentoo high CVE-2013-0770: 1 GLSA(s) (201309-23), 6 atom(s) (mail-client/thunderbird, mail-client/thunderbird-bin, www-client/firefox, www-client/firefox-bin, www-client/seamonkey, www-client/seamonkey-bin); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-0770
redhat critical https://access.redhat.com/security/cve/CVE-2013-0770
suse medium CVE-2013-0770 severity moderate: SUSE including 81 source package names (MozillaFirefox, MozillaFirefox-10.0.12-0.4.1, …), 161 product×package rows across 45 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (45 product lines)): Fixed 130, Known Not Affected 31. https://www.suse.com/security/cve/CVE-2013-0770/
ubuntu medium CVE-2013-0770 medium priority: Ubuntu including 3 source packages (firefox, seamonkey, thunderbird), 24 status rows across 8 suites (hardy, lucid, oneiric, precise, quantal, raring, saucy, upstream): released 15, ignored 5, DNE 4. https://ubuntu.com/security/CVE-2013-0770

Affected software / configurations for CVE-2013-0770

Vendor Product Version Raw CPE
mozilla firefox < 10.0.12 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla firefox < 18.0 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla firefox >= 17.0, < 17.0.2 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla seamonkey < 2.15 cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozilla thunderbird < 17.0.2 cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozilla thunderbird_esr < 10.0.12 cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
mozilla thunderbird_esr >= 17.0, < 17.0.2 cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
opensuse opensuse 11.4 cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
opensuse opensuse 12.1 cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
opensuse opensuse 12.2 cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
suse linux_enterprise_desktop 10 cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
suse linux_enterprise_desktop 11 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
suse linux_enterprise_server 10 cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
suse linux_enterprise_software_development_kit 10 cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
suse linux_enterprise_software_development_kit 11 cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
canonical ubuntu_linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonical ubuntu_linux 11.10 cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
canonical ubuntu_linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
canonical ubuntu_linux 12.10 cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

References for CVE-2013-0770

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html Mailing List Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-01.html Vendor Advisory
http://www.palemoon.org/releasenotes-ng.shtml Broken Link
http://www.ubuntu.com/usn/USN-1681-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-2 Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-4 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=756581 Issue Tracking Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=768750 Exploit Issue Tracking Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=787818 Issue Tracking Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=795284 Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16813 Third Party Advisory
cvelogic Threat Intelligence