CVE Vulnerabilities

CVE-2013-1696

Published: Jun 26, 2013 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu

Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 19.0 19.0
Firefox Mozilla 19.0.1 19.0.1
Firefox Mozilla 19.0.2 19.0.2
Firefox Mozilla 20.0 20.0
Firefox Mozilla 20.0.1 20.0.1
Firefox Mozilla * 21.0
Firefox Ubuntu lucid *
Firefox Ubuntu precise *
Firefox Ubuntu quantal *
Firefox Ubuntu raring *
Firefox Ubuntu upstream *

References