CVE-2013-1670

NONECVSS 0.0

0.0

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.

🔗 References (34)

security@mozillahttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
security@mozillahttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
security@mozillahttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
security@mozillahttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
security@mozillahttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
security@mozillahttp://rhn.redhat.com/errata/RHSA-2013-0820.html
security@mozillahttp://rhn.redhat.com/errata/RHSA-2013-0821.html
security@mozillahttp://www.debian.org/security/2013/dsa-2699
security@mozillahttp://www.exploit-db.com/exploits/34363
security@mozillahttp://www.mandriva.com/security/advisories?name=MDVSA-2013:165
security@mozillahttp://www.mozilla.org/security/announce/2013/mfsa2013-42.html
security@mozillahttp://www.osvdb.org/93427
security@mozillahttp://www.securityfocus.com/bid/59865
security@mozillahttp://www.ubuntu.com/usn/USN-1822-1
security@mozillahttp://www.ubuntu.com/usn/USN-1823-1

Is Your Infrastructure Affected by CVE-2013-1670?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-1670

📅 Published

🔄 Last Modified

🔗 References (34)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-1670?