CVE-2013-1683

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Published: 2013-06-25 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2013-1683 is rated High Risk (75.7/100): CVSS Critical severity, with high exploitation likelihood (EPSS 5.40%, 92th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +3.64% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2013-1683

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.76% 5.40% +3.64%
2 2025-12-28 1.27% 1.76% +0.49%
3 2025-03-30 1.27%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-1683

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
10.0 10.0 [email protected]

Weakness enumeration for CVE-2013-1683

OS Trackers for CVE-2013-1683

vendor priority summary link
redhat critical https://access.redhat.com/security/cve/CVE-2013-1683
suse critical CVE-2013-1683 severity critical: SUSE including 44 source package names (MozillaFirefox, MozillaFirefox-140.2.0-160000.1.2, …), 90 product×package rows across 32 product lines (SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Desktop 12 SP1, … (32 product lines)): Fixed 56, Known Not Affected 34. https://www.suse.com/security/cve/CVE-2013-1683/
ubuntu medium CVE-2013-1683 medium priority: Ubuntu including 1 source packages (firefox), 5 status rows across 5 suites (lucid, precise, quantal, raring, upstream): released 4, ignored 1. https://ubuntu.com/security/CVE-2013-1683

Affected software / configurations for CVE-2013-1683

Vendor Product Version Raw CPE
mozilla firefox <= 21.0 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla firefox 19.0 cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
mozilla firefox 19.0.1 cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
mozilla firefox 19.0.2 cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
mozilla firefox 20.0 cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
mozilla firefox 20.0.1 cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*

References for CVE-2013-1683

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
http://www.mozilla.org/security/announce/2013/mfsa2013-49.html Vendor Advisory
http://www.ubuntu.com/usn/USN-1890-1
https://bugzilla.mozilla.org/show_bug.cgi?id=822941
https://bugzilla.mozilla.org/show_bug.cgi?id=834732
https://bugzilla.mozilla.org/show_bug.cgi?id=846615
https://bugzilla.mozilla.org/show_bug.cgi?id=851418
https://bugzilla.mozilla.org/show_bug.cgi?id=862182
https://bugzilla.mozilla.org/show_bug.cgi?id=863454
https://bugzilla.mozilla.org/show_bug.cgi?id=865569
https://bugzilla.mozilla.org/show_bug.cgi?id=865883
https://bugzilla.mozilla.org/show_bug.cgi?id=876458
https://bugzilla.mozilla.org/show_bug.cgi?id=877287
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17173
cvelogic Threat Intelligence