CVE-2013-1709Cross-site Scripting in Mozilla Firefox

CWE-79Cross-site Scripting5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 33.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedAug 7
Latest updateMay 17

Description

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDmozilla/firefox22.0+14
NVDmozilla/thunderbird17.0.7+7
NVDmozilla/thunderbird_esr8 versions+7
NVDmozilla/seamonkey2.20+52

🔴Vulnerability Details

2
GHSA
GHSA-2rh5-2m29-rxgg: Mozilla Firefox before 232022-05-17
CVEList
CVE-2013-1709: Mozilla Firefox before 232013-08-07

📋Vendor Advisories

2
Ubuntu
Thunderbird vulnerabilities2013-08-07
Ubuntu
Firefox vulnerabilities2013-08-06
CVE-2013-1709 — Cross-site Scripting in Mozilla Firefox | cvebase