CVE-2013-1670
Published 2013-05-16
CVE-2013-1670: The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR…
Priority: P2 · 70 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 10.89% (95.3th percentile)
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 20.0.1 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | thunderbird | <= 17.0.5 | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird_esr | — | — |
| mozilla | thunderbird_esr | — | — |
| mozilla | thunderbird_esr | — | — |
| mozilla | thunderbird_esr | — | — |
| mozilla | thunderbird_esr | — | — |
| mozilla | thunderbird_esr | — | — |
Detection & IOCs (extracted from sources)
- Look for JavaScript calls to `console.time()` with a non-string/object argument (e.g., a plain object `y`) combined with overriding `constructor.prototype.toString`; this is the exploit trigger pattern for CVE-2013-1670.
- Detect calls to `crypto.generateCRMFRequest` from web content context (non-chrome origin), especially with 'rsa-ex' as the key type argument; this indicates privilege escalation via the COW bypass.
- User-Agent screening for Firefox versions 15–22: the Metasploit module explicitly restricts to ua_minver 15.0 and ua_maxver 22.0.
- The exploit abuses content-level constructors to gain chrome-privileged write access via the Chrome Object Wrapper (COW); monitor for write operations on chrome-privileged objects originating from content-level JavaScript.
- Thunderbird is not exploitable via email because scripting is disabled in that context; the vulnerability is only a risk in browser or browser-like contexts.
CVSS provenance
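| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 10.0 | CRITICAL | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |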
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2013-05-14·CVSS 10.0
CVE-2013-0801 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple memory safety issues were discovered in Firefox. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2013-0801, CVE-2013-1669)
Cody Crews discovered that some constructors could be used to bypass
restrictions enforced by their Chrome Object Wrapper (COW). An attacker
could exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2013-1670)
It was discovered that the file input element could expose the full local
path under certain conditions. An attack
Red Hat
Mozilla: Privileged access for content level constructor (MFSA 2013-42)
vendor_redhat·2013-05-14·CVSS 4.3
CVE-2013-1670 [MEDIUM] Mozilla: Privileged access for content level constructor (MFSA 2013-42)
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
Package: thunderbird (Red Hat Enterprise Linux 5) - Affected
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2013-05-14·CVSS 10.0
CVE-2013-0801 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple memory safety issues were discovered in Thunderbird. If the user
were tricked into opening a specially crafted message with scripting
enabled, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Thunderbird. (CVE-2013-0801,
CVE-2013-1669)
Cody Crews discovered that some constructors could be used to bypass
restrictions enforced by their Chrome Object Wrapper (COW). If a user had
scripting enabled, an attacker could exploit this to conduct cross-site
scripting (XSS) attacks. (CVE-2013-1670)
A use-after-free was discovered when resizing video content whilst it is
playing. If a
GHSA
GHSA-wmq6-5fp5-6pfg: The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21
ghsa_unreviewed·2022-05-17
CVE-2013-1670 [MEDIUM] CWE-79 GHSA-wmq6-5fp5-6pfg: The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
VulnCheck
Mozilla Firefox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2013·CVSS 4.3
CVE-2013-1670 [MEDIUM] Mozilla Firefox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
Affected: Mozilla Firefox
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/terror-expl
No detection rules found.
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
- http://rhn.redhat.com/errata/RHSA-2013-0820.html
- http://rhn.redhat.com/errata/RHSA-2013-0821.html
- http://www.debian.org/security/2013/dsa-2699
- http://www.exploit-db.com/exploits/34363
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
- http://www.mozilla.org/security/announce/2013/mfsa2013-42.html
- http://www.osvdb.org/93427
- http://www.securityfocus.com/bid/59865
- http://www.ubuntu.com/usn/USN-1822-1
- http://www.ubuntu.com/usn/USN-1823-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=853709
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17046