CVE Vulnerabilities

CVE-2013-1717

Published: Aug 07, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.4 MEDIUM
AV:N/AC:H/Au:N/C:C/I:N/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.

Affected Software

Name Vendor Start Version End Version
Thunderbird_esr Mozilla 17.0 (including) 17.0 (including)
Thunderbird_esr Mozilla 17.0.1 (including) 17.0.1 (including)
Thunderbird_esr Mozilla 17.0.2 (including) 17.0.2 (including)
Thunderbird_esr Mozilla 17.0.3 (including) 17.0.3 (including)
Thunderbird_esr Mozilla 17.0.4 (including) 17.0.4 (including)
Thunderbird_esr Mozilla 17.0.5 (including) 17.0.5 (including)
Thunderbird_esr Mozilla 17.0.6 (including) 17.0.6 (including)
Thunderbird_esr Mozilla 17.0.7 (including) 17.0.7 (including)
Red Hat Enterprise Linux 5 RedHat thunderbird-0:17.0.8-5.el5_9 *
Red Hat Enterprise Linux 5 RedHat firefox-0:17.0.8-1.el5_9 *
Red Hat Enterprise Linux 5 RedHat xulrunner-0:17.0.8-3.el5_9 *
Red Hat Enterprise Linux 6 RedHat firefox-0:17.0.8-1.el6_4 *
Red Hat Enterprise Linux 6 RedHat xulrunner-0:17.0.8-3.el6_4 *
Red Hat Enterprise Linux 6 RedHat thunderbird-0:17.0.8-5.el6_4 *
Firefox Ubuntu devel *
Firefox Ubuntu lucid *
Firefox Ubuntu precise *
Firefox Ubuntu quantal *
Firefox Ubuntu raring *
Firefox Ubuntu upstream *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu lucid *
Thunderbird Ubuntu precise *
Thunderbird Ubuntu quantal *
Thunderbird Ubuntu raring *
Thunderbird Ubuntu upstream *

References