CVE Vulnerabilities

CVE-2013-1687

Published: Jun 26, 2013 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
6.8 CRITICAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 21.0 (including)
Firefox Mozilla 19.0 (including) 19.0 (including)
Firefox Mozilla 19.0.1 (including) 19.0.1 (including)
Firefox Mozilla 19.0.2 (including) 19.0.2 (including)
Firefox Mozilla 20.0 (including) 20.0 (including)
Firefox Mozilla 20.0.1 (including) 20.0.1 (including)
Red Hat Enterprise Linux 5 RedHat thunderbird-0:17.0.7-1.el5_9 *
Red Hat Enterprise Linux 5 RedHat firefox-0:17.0.7-1.el5_9 *
Red Hat Enterprise Linux 5 RedHat xulrunner-0:17.0.7-1.el5_9 *
Red Hat Enterprise Linux 6 RedHat firefox-0:17.0.7-1.el6_4 *
Red Hat Enterprise Linux 6 RedHat xulrunner-0:17.0.7-1.el6_4 *
Red Hat Enterprise Linux 6 RedHat thunderbird-0:17.0.7-1.el6_4 *
Firefox Ubuntu lucid *
Firefox Ubuntu precise *
Firefox Ubuntu quantal *
Firefox Ubuntu raring *
Firefox Ubuntu upstream *
Seamonkey Ubuntu lucid *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu lucid *
Thunderbird Ubuntu precise *
Thunderbird Ubuntu quantal *
Thunderbird Ubuntu raring *
Thunderbird Ubuntu upstream *
Xulrunner-1.9.2 Ubuntu lucid *

References