CVE-2013-0793 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.5%

top 18.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +1 more

Timeline

PublishedApr 3

Latest updateMay 17

Description

Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDmozilla/firefox19.0.2+7

▶NVDmozilla/thunderbird5 versions+4

▶NVDmozilla/thunderbird_esr5 versions+4

▶NVDmozilla/seamonkey2.17+48

🔴Vulnerability Details

GHSA

GHSA-cv3q-wvhv-rg74: Mozilla Firefox before 20↗2022-05-17

▶

CVEList

CVE-2013-0793: Mozilla Firefox before 20↗2013-04-03

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2013-04-08

▶

Ubuntu

Firefox vulnerabilities↗2013-04-04

▶

Red Hat

Mozilla: Cross-site scripting (XSS) using timed history navigations (MFSA 2013-38)↗2013-04-02

▶

💬Community

Bugzilla

CVE-2013-0793 Mozilla: Cross-site scripting (XSS) using timed history navigations (MFSA 2013-38)↗2013-04-01

▶