CVE-2013-1669

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2013-05-16 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2013-1669 is rated High Risk (74.2/100): CVSS Critical severity, with high exploitation likelihood (EPSS 5.39%, 92th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +2.10% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2013-1669

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 3.29% 5.39% +2.10%
2 2025-11-17 2.38% 3.29% +0.91%
3 2025-03-30 2.38%

Full EPSS history (12 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-1669

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2013-1669

OS Trackers for CVE-2013-1669

vendor priority summary link
redhat critical https://access.redhat.com/security/cve/CVE-2013-1669
suse critical CVE-2013-1669 severity critical: SUSE including 53 source package names (MozillaFirefox-140.2.0-160000.1.2, MozillaFirefox-31.1.0esr-1.20, …), 69 product×package rows across 28 product lines (SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Desktop 12 SP1, … (28 product lines)): Fixed 69. https://www.suse.com/security/cve/CVE-2013-1669/
ubuntu medium CVE-2013-1669 medium priority: Ubuntu including 4 source packages (firefox, seamonkey, thunderbird, xulrunner-1.9.2), 20 status rows across 5 suites (lucid, precise, quantal, raring, upstream): released 8, DNE 6, ignored 4, needs-triage 2. https://ubuntu.com/security/CVE-2013-1669

Affected software / configurations for CVE-2013-1669

Vendor Product Version Raw CPE
mozilla firefox <= 20.0.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla firefox 19.0 cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
mozilla firefox 19.0.1 cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
mozilla firefox 19.0.2 cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
mozilla firefox 20.0 cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*

References for CVE-2013-1669

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
http://www.mozilla.org/security/announce/2013/mfsa2013-41.html Vendor Advisory
http://www.securityfocus.com/bid/59870
http://www.ubuntu.com/usn/USN-1822-1
http://www.ubuntu.com/usn/USN-1823-1
https://bugzilla.mozilla.org/show_bug.cgi?id=791432
https://bugzilla.mozilla.org/show_bug.cgi?id=803228
https://bugzilla.mozilla.org/show_bug.cgi?id=814552
https://bugzilla.mozilla.org/show_bug.cgi?id=819775
https://bugzilla.mozilla.org/show_bug.cgi?id=821479
https://bugzilla.mozilla.org/show_bug.cgi?id=821850
https://bugzilla.mozilla.org/show_bug.cgi?id=822910
https://bugzilla.mozilla.org/show_bug.cgi?id=826104
https://bugzilla.mozilla.org/show_bug.cgi?id=826392
https://bugzilla.mozilla.org/show_bug.cgi?id=826588
https://bugzilla.mozilla.org/show_bug.cgi?id=834526 Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=837007
https://bugzilla.mozilla.org/show_bug.cgi?id=837324
https://bugzilla.mozilla.org/show_bug.cgi?id=843434
https://bugzilla.mozilla.org/show_bug.cgi?id=854001
https://bugzilla.mozilla.org/show_bug.cgi?id=855236
https://bugzilla.mozilla.org/show_bug.cgi?id=865948
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16493
cvelogic Threat Intelligence