CVE-2013-1713Cross-site Scripting in Mozilla Firefox

CWE-2648 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 35.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedAug 7
Latest updateMay 17

Description

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDmozilla/firefox22.0+14
NVDmozilla/thunderbird17.0.7+7
NVDmozilla/thunderbird_esr8 versions+7
NVDmozilla/seamonkey2.20+52

🔴Vulnerability Details

2
GHSA
GHSA-pjg7-3h5g-h9f9: Mozilla Firefox before 232022-05-17
CVEList
CVE-2013-1713: Mozilla Firefox before 232013-08-07

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2013-08-07
Red Hat
Mozilla: Wrong principal used for validating URI for some Javascript components (MFSA 2013-72)2013-08-07
Ubuntu
Firefox vulnerabilities2013-08-06

💬Community

1
Bugzilla
CVE-2013-1713 Mozilla: Wrong principal used for validating URI for some Javascript components (MFSA 2013-72)2013-08-06
CVE-2013-1713 — Cross-site Scripting in Mozilla Firefox | cvebase