CVE-2013-5593 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 34.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +1 more

Timeline

PublishedOct 30

Latest updateMay 14

Description

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDmozilla/firefox24.0+12

▶NVDmozilla/seamonkey2.22+38

▶NVDmozilla/thunderbird24.0.1+10

▶NVDmozilla/thunderbird_esr17.0.9

🔴Vulnerability Details

GHSA

GHSA-5qh6-rg6v-wmmc: The SELECT element implementation in Mozilla Firefox before 25↗2022-05-14

▶

CVEList

CVE-2013-5593: The SELECT element implementation in Mozilla Firefox before 25↗2013-10-30

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2013-10-31

▶

Ubuntu

Firefox vulnerabilities↗2013-10-29

▶

Red Hat

Mozilla: Spoofing addressbar though SELECT element (MFSA 2013-94)↗2013-10-29

▶

💬Community

Bugzilla

CVE-2013-5593 Mozilla: Spoofing addressbar though SELECT element (MFSA 2013-94)↗2013-10-28

▶