CVE-2013-1737 — Mozilla Firefox vulnerability

CWE-2647 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 38.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +1 more

Timeline

PublishedSep 18

Latest updateMay 17

Description

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDmozilla/firefox23.0.1+17

▶NVDmozilla/thunderbird17.0.9+9

▶NVDmozilla/thunderbird_esr9 versions+8

▶NVDmozilla/seamonkey2.20+36

🔴Vulnerability Details

GHSA

GHSA-cmgg-ggj8-p45q: Mozilla Firefox before 24↗2022-05-17

▶

CVEList

CVE-2013-1737: Mozilla Firefox before 24↗2013-09-18

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2013-09-18

▶

Ubuntu

Firefox vulnerabilities↗2013-09-17

▶

Red Hat

Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91)↗2013-09-17

▶

💬Community

Bugzilla

CVE-2013-1737 Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91)↗2013-09-17

▶