CVE-2013-5612 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 27.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Canonical Ubuntu Linux +13 more

Timeline

PublishedDec 11

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages10 packages

▶NVDmozilla/firefox< 26.0

▶NVDmozilla/seamonkey< 2.23

▶NVDoracle/solaris11.3

▶NVDopensuse/opensuse12.2, 12.3, 13.1+2

▶NVDsuse/linux_enterprise_server11

Also affects: Fedora 19, 20, Ubuntu Linux 12.04, 12.10, 13.04, 13.10, Enterprise Linux 6.5

🔴Vulnerability Details

GHSA

GHSA-f85h-xqx2-v9xg: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26↗2022-05-13

▶

CVEList

CVE-2013-5612: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26↗2013-12-11

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2013-12-11

▶

Red Hat

Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106)↗2013-12-10

▶

💬Community

Bugzilla

CVE-2013-5612 Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106)↗2013-12-09

▶

Bugzilla

mysql: Oracle CPU January 2013↗2013-01-15

▶