CVE-2013-1695Mozilla Firefox vulnerability

CWE-2646 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 63.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedJun 26
Latest updateMay 17

Description

Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox21.0+5

🔴Vulnerability Details

1
GHSA
GHSA-6mj7-82v7-f3vw: Mozilla Firefox before 222022-05-17

📋Vendor Advisories

3
Ubuntu
Firefox regression2013-07-03
Ubuntu
Firefox vulnerabilities2013-06-26
Red Hat
Mozilla: Sandbox restrictions not applied to nested frame elements (MFSA 2013-57)2013-06-25

💬Community

1
Bugzilla
CVE-2013-1695 Mozilla: Sandbox restrictions not applied to nested frame elements (MFSA 2013-57)2013-06-25