CVE-2013-1698 — Improper Input Validation in Mozilla Firefox

CWE-264 CWE-20 — Improper Input Validation8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 44.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedJun 26

Latest updateMay 17

Description

The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox21.0+5

🔴Vulnerability Details

GHSA

GHSA-xcgp-vxv9-g7g2: The getUserMedia permission implementation in Mozilla Firefox before 22↗2022-05-17

▶

📋Vendor Advisories

Cisco

Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability↗2013-09-25

▶

Ubuntu

Firefox regression↗2013-07-03

▶

Ubuntu

Firefox vulnerabilities↗2013-06-26

▶

Red Hat

Mozilla: getUserMedia permission dialog incorrectly displays location (MFSA 2013-60)↗2013-06-25

▶

Cisco

Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability↗

▶

💬Community

Bugzilla

CVE-2013-1698 Mozilla: getUserMedia permission dialog incorrectly displays location (MFSA 2013-60)↗2013-06-25

▶