Back to search
CVE-2013-1670
Published: May 16, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:17046
vdb-entry
signature
x_refsource_OVAL
DSA-2699
vendor-advisory
x_refsource_DEBIAN
MDVSA-2013:165
vendor-advisory
x_refsource_MANDRIVA
https://bugzilla.mozilla.org/show_bug.cgi?id=853709
x_refsource_CONFIRM
openSUSE-SU-2013:0825
vendor-advisory
x_refsource_SUSE
http://www.mozilla.org/security/announce/2013/mfsa2013-42.html
x_refsource_CONFIRM
USN-1823-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2013:0821
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2013:0929
vendor-advisory
x_refsource_SUSE
93427
vdb-entry
x_refsource_OSVDB
34363
exploit
x_refsource_EXPLOIT-DB
openSUSE-SU-2013:0831
vendor-advisory
x_refsource_SUSE
59865
vdb-entry
x_refsource_BID
RHSA-2013:0820
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2013:0834
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2013:0946
vendor-advisory
x_refsource_SUSE
USN-1822-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now