CVE Vulnerabilities

CVE-2013-6666

Published: Mar 05, 2014 | Modified: Jan 07, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:N)

The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.

Affected Software

Name Vendor Start Version End Version
Chrome Google 33.0.1750.0 33.0.1750.0
Chrome Google 33.0.1750.1 33.0.1750.1
Chrome Google 33.0.1750.2 33.0.1750.2
Chrome Google 33.0.1750.3 33.0.1750.3
Chrome Google 33.0.1750.4 33.0.1750.4
Chrome Google 33.0.1750.5 33.0.1750.5
Chrome Google 33.0.1750.6 33.0.1750.6
Chrome Google 33.0.1750.7 33.0.1750.7
Chrome Google 33.0.1750.8 33.0.1750.8
Chrome Google 33.0.1750.9 33.0.1750.9
Chrome Google 33.0.1750.10 33.0.1750.10
Chrome Google 33.0.1750.11 33.0.1750.11
Chrome Google 33.0.1750.12 33.0.1750.12
Chrome Google 33.0.1750.13 33.0.1750.13
Chrome Google 33.0.1750.14 33.0.1750.14
Chrome Google 33.0.1750.15 33.0.1750.15
Chrome Google 33.0.1750.16 33.0.1750.16
Chrome Google 33.0.1750.18 33.0.1750.18
Chrome Google 33.0.1750.19 33.0.1750.19
Chrome Google 33.0.1750.20 33.0.1750.20
Chrome Google 33.0.1750.21 33.0.1750.21
Chrome Google 33.0.1750.22 33.0.1750.22
Chrome Google 33.0.1750.23 33.0.1750.23
Chrome Google 33.0.1750.24 33.0.1750.24
Chrome Google 33.0.1750.25 33.0.1750.25
Chrome Google 33.0.1750.26 33.0.1750.26
Chrome Google 33.0.1750.27 33.0.1750.27
Chrome Google 33.0.1750.28 33.0.1750.28
Chrome Google 33.0.1750.29 33.0.1750.29
Chrome Google 33.0.1750.30 33.0.1750.30
Chrome Google 33.0.1750.31 33.0.1750.31
Chrome Google 33.0.1750.34 33.0.1750.34
Chrome Google 33.0.1750.35 33.0.1750.35
Chrome Google 33.0.1750.36 33.0.1750.36
Chrome Google 33.0.1750.37 33.0.1750.37
Chrome Google 33.0.1750.38 33.0.1750.38
Chrome Google 33.0.1750.39 33.0.1750.39
Chrome Google 33.0.1750.40 33.0.1750.40
Chrome Google 33.0.1750.41 33.0.1750.41
Chrome Google 33.0.1750.42 33.0.1750.42
Chrome Google 33.0.1750.43 33.0.1750.43
Chrome Google 33.0.1750.44 33.0.1750.44
Chrome Google 33.0.1750.45 33.0.1750.45
Chrome Google 33.0.1750.46 33.0.1750.46
Chrome Google 33.0.1750.47 33.0.1750.47
Chrome Google 33.0.1750.48 33.0.1750.48
Chrome Google 33.0.1750.49 33.0.1750.49
Chrome Google 33.0.1750.50 33.0.1750.50
Chrome Google 33.0.1750.51 33.0.1750.51
Chrome Google 33.0.1750.52 33.0.1750.52
Chrome Google 33.0.1750.53 33.0.1750.53
Chrome Google 33.0.1750.54 33.0.1750.54
Chrome Google 33.0.1750.55 33.0.1750.55
Chrome Google 33.0.1750.56 33.0.1750.56
Chrome Google 33.0.1750.57 33.0.1750.57
Chrome Google 33.0.1750.58 33.0.1750.58
Chrome Google 33.0.1750.59 33.0.1750.59
Chrome Google 33.0.1750.60 33.0.1750.60
Chrome Google 33.0.1750.61 33.0.1750.61
Chrome Google 33.0.1750.62 33.0.1750.62
Chrome Google 33.0.1750.63 33.0.1750.63
Chrome Google 33.0.1750.64 33.0.1750.64
Chrome Google 33.0.1750.65 33.0.1750.65
Chrome Google 33.0.1750.66 33.0.1750.66
Chrome Google 33.0.1750.67 33.0.1750.67
Chrome Google 33.0.1750.68 33.0.1750.68
Chrome Google 33.0.1750.69 33.0.1750.69
Chrome Google 33.0.1750.70 33.0.1750.70
Chrome Google 33.0.1750.71 33.0.1750.71
Chrome Google 33.0.1750.73 33.0.1750.73
Chrome Google 33.0.1750.74 33.0.1750.74
Chrome Google 33.0.1750.75 33.0.1750.75
Chrome Google 33.0.1750.76 33.0.1750.76
Chrome Google 33.0.1750.77 33.0.1750.77
Chrome Google 33.0.1750.79 33.0.1750.79
Chrome Google 33.0.1750.80 33.0.1750.80
Chrome Google 33.0.1750.81 33.0.1750.81
Chrome Google 33.0.1750.82 33.0.1750.82
Chrome Google 33.0.1750.83 33.0.1750.83
Chrome Google 33.0.1750.85 33.0.1750.85
Chrome Google 33.0.1750.88 33.0.1750.88
Chrome Google 33.0.1750.89 33.0.1750.89
Chrome Google 33.0.1750.90 33.0.1750.90
Chrome Google 33.0.1750.91 33.0.1750.91
Chrome Google 33.0.1750.92 33.0.1750.92
Chrome Google 33.0.1750.93 33.0.1750.93
Chrome Google 33.0.1750.104 33.0.1750.104
Chrome Google 33.0.1750.106 33.0.1750.106
Chrome Google 33.0.1750.107 33.0.1750.107
Chrome Google 33.0.1750.108 33.0.1750.108
Chrome Google 33.0.1750.109 33.0.1750.109
Chrome Google 33.0.1750.110 33.0.1750.110
Chrome Google 33.0.1750.111 33.0.1750.111
Chrome Google 33.0.1750.112 33.0.1750.112
Chrome Google 33.0.1750.113 33.0.1750.113
Chrome Google 33.0.1750.115 33.0.1750.115
Chrome Google 33.0.1750.116 33.0.1750.116
Chrome Google 33.0.1750.117 33.0.1750.117
Chrome Google 33.0.1750.124 33.0.1750.124
Chrome Google 33.0.1750.125 33.0.1750.125
Chrome Google 33.0.1750.126 33.0.1750.126
Chrome Google 33.0.1750.132 33.0.1750.132
Chrome Google 33.0.1750.133 33.0.1750.133
Chrome Google 33.0.1750.135 33.0.1750.135
Chrome Google 33.0.1750.136 33.0.1750.136
Chrome Google * 33.0.1750.144
Chromium-browser Ubuntu devel *
Chromium-browser Ubuntu lucid *
Chromium-browser Ubuntu precise *
Chromium-browser Ubuntu quantal *
Chromium-browser Ubuntu saucy *
Chromium-browser Ubuntu upstream *
