What is CVE-2013-6671?

CVE-2013-6671 is a critical-severity vulnerability in Mozilla Firefox, classified under Code Injection. CVSS score: 9.8/10. Published 2013-12-11.

How severe is CVE-2013-6671?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Mozilla Firefox

CVE-2013-6671

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.104 (93.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Canonical Ubuntu_linux — versions 12.04, 12.10, 13.04
Fedoraproject Fedora — versions 18, 19, 20
Opensuse — versions 12.2, 12.3, 13.1
Redhat Enterprise_linux_desktop — versions 5.0, 6.0
Redhat Enterprise_linux_eus — versions 6.5
Redhat Enterprise_linux_server — versions 5.0, 6.0
Redhat Enterprise_linux_server_aus — versions 6.5

Weakness classification (CWE)

CWE-94 — Code Injection

References

openSUSE-SU-2013:1958 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
SUSE-SU-2013:1919 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
openSUSE-SU-2013:1957 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
FEDORA-2013-23127 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
FEDORA-2013-23519 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
1029470 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
openSUSE-SU-2013:1917 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
openSUSE-SU-2013:1959 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
GLSA-201504-01 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)

Frequently asked questions

What is CVE-2013-6671?: CVE-2013-6671 is a critical-severity vulnerability in Mozilla Firefox, classified under Code Injection. CVSS score: 9.8/10. Published 2013-12-11.
How severe is CVE-2013-6671?: Critical severity. CVSS v3 base score is 9.8 out of 10.