CVE-2013-1711Cross-site Scripting in Mozilla Firefox

CWE-79Cross-site Scripting6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
1.9%
top 16.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedAug 7
Latest updateMay 17

Description

The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox22.0+6
NVDmozilla/seamonkey2.20+52

🔴Vulnerability Details

2
GHSA
GHSA-4w5q-gccf-crf5: The XrayWrapper implementation in Mozilla Firefox before 232022-05-17
CVEList
CVE-2013-1711: The XrayWrapper implementation in Mozilla Firefox before 232013-08-07

📋Vendor Advisories

2
Ubuntu
Firefox vulnerabilities2013-08-06
Red Hat
Mozilla: Bypass of XrayWrappers using XBL Scopes (MFSA 2013-70)2013-08-06

💬Community

1
Bugzilla
CVE-2013-1711 Mozilla: Bypass of XrayWrappers using XBL Scopes (MFSA 2013-70)2013-08-07
CVE-2013-1711 — Cross-site Scripting in Mozilla Firefox | cvebase