[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-1670Date: (C)2013-05-16   (M)2024-03-27


The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
EXPLOIT-DB-34363
BID-59865
OSVDB-93427
DSA-2699
IAVM:2013-A-0109
MDVSA-2013:165
RHSA-2013:0820
RHSA-2013:0821
USN-1822-1
USN-1823-1
http://www.mozilla.org/security/announce/2013/mfsa2013-42.html
https://bugzilla.mozilla.org/show_bug.cgi?id=853709
openSUSE-SU-2013:0825
openSUSE-SU-2013:0831
openSUSE-SU-2013:0834
openSUSE-SU-2013:0929
openSUSE-SU-2013:0946
oval:org.mitre.oval:def:17046

CPE    23
cpe:/a:mozilla:firefox_esr:17.0
cpe:/a:mozilla:firefox:20.0.1
cpe:/a:mozilla:firefox:19.0
cpe:/a:mozilla:thunderbird:17.0
...
CWE    1
CWE-79
OVAL    22
oval:org.secpod.oval:def:11224
oval:org.secpod.oval:def:400540
oval:org.secpod.oval:def:601045
oval:org.secpod.oval:def:701279
...

© SecPod Technologies