CVE-2013-0751 — Cross-site Scripting in Mozilla Firefox

CWE-26418 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.5%

top 33.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedJan 13

Latest updateMay 17

Description

Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDmozilla/firefox17.0.1+155

▶NVDmozilla/seamonkey2.15+76

🔴Vulnerability Details

GHSA

GHSA-rhqr-9g4c-pqrj: Mozilla Firefox before 18↗2022-05-17

▶

CVEList

CVE-2013-0751: Mozilla Firefox before 18↗2013-01-13

▶

💬Community

Bugzilla

CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)↗2013-04-16

▶

Bugzilla

CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049)↗2013-04-16

▶

Bugzilla

CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)↗2013-04-16

▶

Bugzilla

CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)↗2013-04-16

▶

Bugzilla

CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)↗2013-04-16

▶