Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1710: Improper Input Validation in Mozilla Firefox

Severity: 10.0 CRITICAL (NVD)
EPSS: 76.5% (top 1.06%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Aug 7; latest update May 17

Description

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (4 packages)

NVD | mozilla/firefox | 22.0 | +14
NVD | mozilla/thunderbird | 17.0.7 | +7
NVD | mozilla/thunderbird_esr | 8 versions | +7
NVD | mozilla/seamonkey | 2.20 | +52

🔴 Vulnerability Details (3)

GHSA | GHSA-q7cm-8gjh-863h: The crypto | 2022-05-17
CVEList | CVE-2013-1710: The crypto | 2013-08-07
VulnCheck | Mozilla seamonkey Improper Input Validation | 2013

💥 Exploits & PoCs (1)

Exploit-DB | Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit) | 2013-08-06

🔍 Detection Rules (1)

Suricata | ET WEB_CLIENT Possible CVE-2013-1710/CVE-2012-3993 Firefox Exploit Attempt | 2015-05-08

📋 Vendor Advisories (3)

Ubuntu | Thunderbird vulnerabilities | 2013-08-07
Red Hat | Mozilla: CRMF requests allow for code execution and XSS attacks (MFSA 2013-69) | 2013-08-07
Ubuntu | Firefox vulnerabilities | 2013-08-06

💬 Community (2)

Bugzilla | CVE-2013-1710 Mozilla: CRMF requests allow for code execution and XSS attacks (MFSA 2013-69) | 2013-08-06
Bugzilla | CVE-2013-2209 ReviewBoard: Stored XSS due improper sanitization of user's full name in the reviews dropdown | 2013-06-24