CVE-2013-1717 — Mozilla Firefox vulnerability

CWE-2647 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

0.6%

top 31.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +1 more

Timeline

PublishedAug 7

Latest updateMay 17

Description

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.

CVSS vector

AV:N/AC:H/C:C/I:N/A:NExploitability: 4.9 | Impact: 6.9

Affected Packages4 packages

▶NVDmozilla/firefox22.0+14

▶NVDmozilla/thunderbird17.0.7+7

▶NVDmozilla/thunderbird_esr8 versions+7

▶NVDmozilla/seamonkey2.20+52

🔴Vulnerability Details

GHSA

GHSA-jvg5-p24q-p89x: Mozilla Firefox before 23↗2022-05-17

▶

CVEList

CVE-2013-1717: Mozilla Firefox before 23↗2013-08-07

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2013-08-07

▶

Red Hat

Mozilla: Local Java applets may read contents of local file system (MFSA 2013-75)↗2013-08-07

▶

Ubuntu

Firefox vulnerabilities↗2013-08-06

▶

💬Community

Bugzilla

CVE-2013-1717 Mozilla: Local Java applets may read contents of local file system (MFSA 2013-75)↗2013-08-06

▶