CVE-2013-1671Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 31.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedMay 16
Latest updateMay 17

Description

Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox20.0.1+4

🔴Vulnerability Details

1
GHSA
GHSA-r9m2-q2gr-6g6w: Mozilla Firefox before 212022-05-17

📋Vendor Advisories

2
Ubuntu
Firefox vulnerabilities2013-05-14
Red Hat
Mozilla: File input control has access to full path (MFSA 2013-43)2013-05-14

💬Community

1
Bugzilla
CVE-2013-1671 Mozilla: File input control has access to full path (MFSA 2013-43)2013-05-14