Back to search
CVE-2013-5593
Published: Oct 30, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2013:1633
vendor-advisory
x_refsource_SUSE
GLSA-201504-01
vendor-advisory
x_refsource_GENTOO
oval:org.mitre.oval:def:19263
vdb-entry
signature
x_refsource_OVAL
openSUSE-SU-2013:1634
vendor-advisory
x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=868327
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2013/mfsa2013-94.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now