CVE-2013-5614 — UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021 — UI Misrepresentation / Clickjacking6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 48.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Canonical Ubuntu Linux +13 more

Timeline

PublishedDec 11

Latest updateMay 13

Description

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages10 packages

▶NVDmozilla/firefox< 26.0

▶NVDmozilla/seamonkey< 2.23

▶NVDoracle/solaris11.3

▶NVDopensuse/opensuse12.2, 12.3, 13.1+2

▶NVDsuse/linux_enterprise_server11

Also affects: Fedora 19, 20, Ubuntu Linux 12.04, 12.10, 13.04, 13.10, Enterprise Linux 6.5

🔴Vulnerability Details

GHSA

GHSA-c7p8-vcch-9rf2: Mozilla Firefox before 26↗2022-05-13

▶

CVEList

CVE-2013-5614: Mozilla Firefox before 26↗2013-12-11

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2013-12-11

▶

Red Hat

Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107)↗2013-12-10

▶

💬Community

Bugzilla

CVE-2013-5614 Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107)↗2013-12-09

▶