CVE-2013-0788 [Critical] | Denial of Service in Firefox

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-26	4.65%	4.61%	-0.04%
2	2026-06-15	3.05%	4.65%	+1.60%
3	2026-03-14	—	3.05%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-26

4.65%

4.61%

-0.04%

2026-06-15

3.05%

4.65%

+1.60%

2026-03-14

—

3.05%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

10.0

2.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

10.0

[email protected]

OS Trackers for CVE-2013-0788

vendor	priority	summary	link
`gentoo`	high	CVE-2013-0788: 1 GLSA(s) (201309-23), 6 atom(s) (mail-client/thunderbird, mail-client/thunderbird-bin, www-client/firefox, www-client/firefox-bin, www-client/seamonkey, www-client/seamonkey-bin); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-0788
`redhat`	critical	—	https://access.redhat.com/security/cve/CVE-2013-0788
`suse`	medium	CVE-2013-0788 severity moderate: SUSE including 78 source package names (MozillaFirefox-140.2.0-160000.1.2, MozillaFirefox-17.0.6esr-0.4.1, …), 136 product×package rows across 34 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 12, … (34 product lines)): Fixed 136.	https://www.suse.com/security/cve/CVE-2013-0788/
`ubuntu`	medium	CVE-2013-0788 medium priority: Ubuntu including 5 source packages (firefox, seamonkey, thunderbird, xulrunner-1.9.2, xulrunner-2.0), 40 status rows across 8 suites (hardy, lucid, oneiric, precise, quantal, raring, saucy, upstream): DNE 16, released 14, ignored 7, needs-triage 2, pending 1.	https://ubuntu.com/security/CVE-2013-0788

Affected software / configurations for CVE-2013-0788

Vendor	Product	Version	Raw CPE
mozilla	firefox	<= 19.0.2	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	19.0	cpe:2.3:a:mozilla:firefox:19.0:::::::*
mozilla	firefox	19.0.1	cpe:2.3:a:mozilla:firefox:19.0.1:::::::*
mozilla	firefox	17.0	cpe:2.3:a:mozilla:firefox:17.0:::::::*
mozilla	firefox	17.0.1	cpe:2.3:a:mozilla:firefox:17.0.1:::::::*
mozilla	firefox	17.0.2	cpe:2.3:a:mozilla:firefox:17.0.2:::::::*
mozilla	firefox	17.0.3	cpe:2.3:a:mozilla:firefox:17.0.3:::::::*
mozilla	firefox	17.0.4	cpe:2.3:a:mozilla:firefox:17.0.4:::::::*
mozilla	thunderbird	17.0	cpe:2.3:a:mozilla:thunderbird:17.0:::::::*
mozilla	thunderbird	17.0.1	cpe:2.3:a:mozilla:thunderbird:17.0.1:::::::*
mozilla	thunderbird	17.0.2	cpe:2.3:a:mozilla:thunderbird:17.0.2:::::::*
mozilla	thunderbird	17.0.3	cpe:2.3:a:mozilla:thunderbird:17.0.3:::::::*
mozilla	thunderbird	17.0.4	cpe:2.3:a:mozilla:thunderbird:17.0.4:::::::*
mozilla	thunderbird_esr	17.0	cpe:2.3:a:mozilla:thunderbird_esr:17.0:::::::*
mozilla	thunderbird_esr	17.0.1	cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:::::::*
mozilla	thunderbird_esr	17.0.2	cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:::::::*
mozilla	thunderbird_esr	17.0.3	cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:::::::*
mozilla	thunderbird_esr	17.0.4	cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:::::::*
mozilla	seamonkey	<= 2.17	cpe:2.3:a:mozilla:seamonkey::beta4::::::*
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
mozilla	seamonkey	2.0.1	cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
mozilla	seamonkey	2.0.2	cpe:2.3:a:mozilla:seamonkey:2.0.2:::::::*
mozilla	seamonkey	2.0.3	cpe:2.3:a:mozilla:seamonkey:2.0.3:::::::*
mozilla	seamonkey	2.0.4	cpe:2.3:a:mozilla:seamonkey:2.0.4:::::::*
mozilla	seamonkey	2.0.5	cpe:2.3:a:mozilla:seamonkey:2.0.5:::::::*
mozilla	seamonkey	2.0.6	cpe:2.3:a:mozilla:seamonkey:2.0.6:::::::*
mozilla	seamonkey	2.0.7	cpe:2.3:a:mozilla:seamonkey:2.0.7:::::::*
mozilla	seamonkey	2.0.8	cpe:2.3:a:mozilla:seamonkey:2.0.8:::::::*
mozilla	seamonkey	2.0.9	cpe:2.3:a:mozilla:seamonkey:2.0.9:::::::*
mozilla	seamonkey	2.0.10	cpe:2.3:a:mozilla:seamonkey:2.0.10:::::::*
mozilla	seamonkey	2.0.11	cpe:2.3:a:mozilla:seamonkey:2.0.11:::::::*
mozilla	seamonkey	2.0.12	cpe:2.3:a:mozilla:seamonkey:2.0.12:::::::*
mozilla	seamonkey	2.0.13	cpe:2.3:a:mozilla:seamonkey:2.0.13:::::::*
mozilla	seamonkey	2.0.14	cpe:2.3:a:mozilla:seamonkey:2.0.14:::::::*
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:::::::*
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:alpha1::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:alpha2::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:alpha3::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:beta1::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:beta2::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:beta3::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:rc1::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:rc2::::::
mozilla	seamonkey	2.2	cpe:2.3:a:mozilla:seamonkey:2.2:::::::*
mozilla	seamonkey	2.2	cpe:2.3:a:mozilla:seamonkey:2.2:beta1::::::
mozilla	seamonkey	2.2	cpe:2.3:a:mozilla:seamonkey:2.2:beta2::::::
mozilla	seamonkey	2.2	cpe:2.3:a:mozilla:seamonkey:2.2:beta3::::::
mozilla	seamonkey	2.3	cpe:2.3:a:mozilla:seamonkey:2.3:::::::*
mozilla	seamonkey	2.3	cpe:2.3:a:mozilla:seamonkey:2.3:beta1::::::
mozilla	seamonkey	2.3	cpe:2.3:a:mozilla:seamonkey:2.3:beta2::::::
mozilla	seamonkey	2.3	cpe:2.3:a:mozilla:seamonkey:2.3:beta3::::::
mozilla	seamonkey	2.3.1	cpe:2.3:a:mozilla:seamonkey:2.3.1:::::::*
mozilla	seamonkey	2.3.2	cpe:2.3:a:mozilla:seamonkey:2.3.2:::::::*
mozilla	seamonkey	2.3.3	cpe:2.3:a:mozilla:seamonkey:2.3.3:::::::*
mozilla	seamonkey	2.4	cpe:2.3:a:mozilla:seamonkey:2.4:::::::*
mozilla	seamonkey	2.4	cpe:2.3:a:mozilla:seamonkey:2.4:beta1::::::
mozilla	seamonkey	2.4	cpe:2.3:a:mozilla:seamonkey:2.4:beta2::::::
mozilla	seamonkey	2.4	cpe:2.3:a:mozilla:seamonkey:2.4:beta3::::::
mozilla	seamonkey	2.4.1	cpe:2.3:a:mozilla:seamonkey:2.4.1:::::::*
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:::::::*
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:beta1::::::
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:beta2::::::
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:beta3::::::
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:beta4::::::
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:::::::*
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:beta1::::::
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:beta2::::::
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:beta3::::::
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:beta4::::::
mozilla	seamonkey	2.6.1	cpe:2.3:a:mozilla:seamonkey:2.6.1:::::::*
mozilla	seamonkey	2.7	cpe:2.3:a:mozilla:seamonkey:2.7:::::::*
mozilla	seamonkey	2.7	cpe:2.3:a:mozilla:seamonkey:2.7:beta1::::::
mozilla	seamonkey	2.7	cpe:2.3:a:mozilla:seamonkey:2.7:beta2::::::

References for CVE-2013-0788

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
http://rhn.redhat.com/errata/RHSA-2013-0696.html
http://rhn.redhat.com/errata/RHSA-2013-0697.html
http://www.debian.org/security/2013/dsa-2699
http://www.mozilla.org/security/announce/2013/mfsa2013-30.html	Vendor Advisory
http://www.ubuntu.com/usn/USN-1791-1
https://bugzilla.mozilla.org/show_bug.cgi?id=635852
https://bugzilla.mozilla.org/show_bug.cgi?id=771942
https://bugzilla.mozilla.org/show_bug.cgi?id=784730
https://bugzilla.mozilla.org/show_bug.cgi?id=813442
https://bugzilla.mozilla.org/show_bug.cgi?id=827870
https://bugzilla.mozilla.org/show_bug.cgi?id=834240
https://bugzilla.mozilla.org/show_bug.cgi?id=839621
https://bugzilla.mozilla.org/show_bug.cgi?id=840263
https://bugzilla.mozilla.org/show_bug.cgi?id=840353
https://bugzilla.mozilla.org/show_bug.cgi?id=852923
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16629

URL

CVE-2013-0788

Exploit prediction scoring system (EPSS) score for CVE-2013-0788

Common vulnerability scoring system (CVSS) metrics for CVE-2013-0788

Weakness enumeration for CVE-2013-0788

OS Trackers for CVE-2013-0788

Affected software / configurations for CVE-2013-0788

References for CVE-2013-0788