CVE-2013-1714Cross-site Scripting in Mozilla Firefox

CWE-2647 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
1.1%
top 22.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedAug 7
Latest updateMay 17

Description

The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDmozilla/firefox22.0+14
NVDmozilla/thunderbird17.0.7+7
NVDmozilla/thunderbird_esr8 versions+7
NVDmozilla/seamonkey2.20+52

🔴Vulnerability Details

2
GHSA
GHSA-p7q2-jcwm-cgcm: The Web Workers implementation in Mozilla Firefox before 232022-05-17
CVEList
CVE-2013-1714: The Web Workers implementation in Mozilla Firefox before 232013-08-07

📋Vendor Advisories

3
Red Hat
Mozilla: Same-origin bypass with web workers and XMLHttpRequest (MFSA 2013-73)2013-08-07
Ubuntu
Thunderbird vulnerabilities2013-08-07
Ubuntu
Firefox vulnerabilities2013-08-06

💬Community

1
Bugzilla
CVE-2013-1714 Mozilla: Same-origin bypass with web workers and XMLHttpRequest (MFSA 2013-73)2013-08-06
CVE-2013-1714 — Cross-site Scripting in Mozilla Firefox | cvebase