CVE-2013-5611 — Mozilla Firefox vulnerability

7 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

1.2%

top 21.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Canonical Ubuntu Linux Fedoraproject Fedora +6 more

Timeline

PublishedDec 11

Latest updateMay 14

Description

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages7 packages

▶NVDmozilla/firefox25.0.1+196

▶NVDoracle/solaris11.3

▶NVDopensuse/opensuse13.1

▶NVDopensuse_project/opensuse11.4, 12.3+1

▶NVDsuse/linux_enterprise_server11

Also affects: Fedora 19, 20, Ubuntu Linux 12.04, 12.10, 13.04, 13.10

🔴Vulnerability Details

GHSA

GHSA-3v2g-q648-8v38: Mozilla Firefox before 26↗2022-05-14

▶

CVEList

CVE-2013-5611: Mozilla Firefox before 26↗2013-12-11

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2013-12-11

▶

Red Hat

Mozilla: Application Installation doorhanger persists on navigation (MFSA 2013-105)↗2013-12-10

▶

💬Community

Bugzilla

CVE-2013-5611 Mozilla: Application Installation doorhanger persists on navigation (MFSA 2013-105)↗2013-12-09

▶

Bugzilla

mysql: Oracle CPU January 2013↗2013-01-15

▶