CVE-2013-1705

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

Published: 2013-08-06 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2013-1705 is rated High Risk (69.8/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 3.91%). Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2013-1705

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 5.28% 3.91% -1.37%
2 2025-07-09 6.69% 5.28% -1.40%
3 2025-03-30 6.69%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-1705

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
10.0 10.0 [email protected]

Weakness enumeration for CVE-2013-1705

OS Trackers for CVE-2013-1705

vendor priority summary link
gentoo high CVE-2013-1705: 1 GLSA(s) (201309-23), 6 atom(s) (mail-client/thunderbird, mail-client/thunderbird-bin, www-client/firefox, www-client/firefox-bin, www-client/seamonkey, www-client/seamonkey-bin); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-1705
redhat critical https://access.redhat.com/security/cve/CVE-2013-1705
suse critical CVE-2013-1705 severity critical: SUSE including 67 source package names (MozillaFirefox-140.2.0-160000.1.2, MozillaFirefox-17.0.9esr-0.3.1, …), 95 product×package rows across 35 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 11 SP3, … (35 product lines)): Fixed 95. https://www.suse.com/security/cve/CVE-2013-1705/
ubuntu medium CVE-2013-1705 medium priority: Ubuntu including 1 source packages (firefox), 5 status rows across 5 suites (lucid, precise, quantal, raring, upstream): released 4, ignored 1. https://ubuntu.com/security/CVE-2013-1705

Affected software / configurations for CVE-2013-1705

Vendor Product Version Raw CPE
mozilla seamonkey <= 2.20 cpe:2.3:a:mozilla:seamonkey:*:beta3:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
mozilla seamonkey 2.0.1 cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
mozilla seamonkey 2.0.2 cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
mozilla seamonkey 2.0.3 cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
mozilla seamonkey 2.0.4 cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
mozilla seamonkey 2.0.5 cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
mozilla seamonkey 2.0.6 cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
mozilla seamonkey 2.0.7 cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
mozilla seamonkey 2.0.8 cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
mozilla seamonkey 2.0.9 cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
mozilla seamonkey 2.0.10 cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
mozilla seamonkey 2.0.11 cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
mozilla seamonkey 2.0.12 cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
mozilla seamonkey 2.0.13 cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
mozilla seamonkey 2.0.14 cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
mozilla seamonkey 2.1 cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
mozilla seamonkey 2.1 cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
mozilla seamonkey 2.1 cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
mozilla seamonkey 2.1 cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
mozilla seamonkey 2.1 cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
mozilla seamonkey 2.1 cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
mozilla seamonkey 2.1 cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
mozilla seamonkey 2.1 cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
mozilla seamonkey 2.1 cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
mozilla seamonkey 2.2 cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*
mozilla seamonkey 2.2 cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*
mozilla seamonkey 2.2 cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*
mozilla seamonkey 2.2 cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*
mozilla seamonkey 2.3 cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*
mozilla seamonkey 2.3 cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*
mozilla seamonkey 2.3 cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*
mozilla seamonkey 2.3 cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*
mozilla seamonkey 2.3.1 cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*
mozilla seamonkey 2.3.2 cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*
mozilla seamonkey 2.3.3 cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*
mozilla seamonkey 2.4 cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*
mozilla seamonkey 2.4 cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*
mozilla seamonkey 2.4 cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*
mozilla seamonkey 2.4 cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*
mozilla seamonkey 2.4.1 cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*
mozilla seamonkey 2.5 cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*
mozilla seamonkey 2.5 cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*
mozilla seamonkey 2.5 cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*
mozilla seamonkey 2.5 cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*
mozilla seamonkey 2.5 cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*
mozilla seamonkey 2.6 cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*
mozilla seamonkey 2.6 cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*
mozilla seamonkey 2.6 cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*
mozilla seamonkey 2.6 cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*
mozilla seamonkey 2.6 cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*
mozilla seamonkey 2.6.1 cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*
mozilla seamonkey 2.7 cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*
mozilla seamonkey 2.7 cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*
mozilla seamonkey 2.7 cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*
mozilla seamonkey 2.7 cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*
mozilla seamonkey 2.7 cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*
mozilla seamonkey 2.7 cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*
mozilla seamonkey 2.7.1 cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*
mozilla seamonkey 2.7.2 cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*
mozilla seamonkey 2.8 cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*
mozilla seamonkey 2.8 cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*
mozilla seamonkey 2.8 cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*
mozilla seamonkey 2.8 cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*
mozilla seamonkey 2.8 cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*
mozilla seamonkey 2.8 cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*
mozilla seamonkey 2.8 cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*
mozilla seamonkey 2.9 cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*
mozilla seamonkey 2.9 cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*
mozilla seamonkey 2.9 cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*
mozilla seamonkey 2.9 cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*
mozilla seamonkey 2.9 cpe:2.3:a:mozilla:seamonkey:2.9:beta4:*:*:*:*:*:*
mozilla seamonkey 2.9.1 cpe:2.3:a:mozilla:seamonkey:2.9.1:*:*:*:*:*:*:*

References for CVE-2013-1705

cvelogic Threat Intelligence