Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1727Cross-site Scripting in Mozilla Firefox

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
2.2%
top 15.42%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 18
Latest updateMay 17

Description

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

NVDmozilla/firefox23.0.1+8

🔴Vulnerability Details

1
GHSA
GHSA-326p-64jj-2g84: Mozilla Firefox before 242022-05-17

💥Exploits & PoCs

1
Exploit-DB
Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass2013-09-17