CVE-2013-1696 — Mozilla Firefox vulnerability

CWE-2646 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 37.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJun 26

Latest updateMay 17

Description

Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

▶NVDmozilla/firefox21.0+5

🔴Vulnerability Details

GHSA

GHSA-p8m8-g4qv-wxqh: Mozilla Firefox before 22↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2013-07-03

▶

Ubuntu

Firefox vulnerabilities↗2013-06-26

▶

Red Hat

Mozilla: X-Frame-Options ignored when using server push with multi-part responses (MFSA 2013-58)↗2013-06-25

▶

💬Community

Bugzilla

CVE-2013-1696 Mozilla: X-Frame-Options ignored when using server push with multi-part responses (MFSA 2013-58)↗2013-06-25

▶