The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
21 Nov 2024, 01:48
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html - | |
References | () http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2013-0696.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2013-0697.html - | |
References | () http://www.debian.org/security/2013/dsa-2699 - | |
References | () http://www.mozilla.org/security/announce/2013/mfsa2013-36.html - Vendor Advisory | |
References | () http://www.ubuntu.com/usn/USN-1791-1 - | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=825697 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16842 - |
21 Oct 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:*:*:* |
21 Oct 2024, 13:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:*:*:*:* |
Information
Published : 2013-04-03 11:56
Updated : 2024-11-21 01:48
NVD link : CVE-2013-0795
Mitre link : CVE-2013-0795
CVE.ORG link : CVE-2013-0795
JSON object : View
Products Affected
mozilla
- firefox
- thunderbird
- seamonkey
- thunderbird_esr
CWE
CWE-264
Permissions, Privileges, and Access Controls