CVE-2013-0758

Mozilla Firefox <18 - XSS

Title source: llm

Description

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/41684
exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalmultiple
https://www.exploit-db.com/exploits/41683

References (12)

Scores

EPSS 0.8737
EPSS Percentile 99.5%

Details

CWE
CWE-94
Status published
Products (26)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
mozilla/firefox < 18.0
mozilla/seamonkey < 2.15
mozilla/thunderbird < 17.0.2
mozilla/thunderbird_esr 10.0 - 10.0.12
opensuse/opensuse 11.4
opensuse/opensuse 12.1
... and 16 more
Published Jan 13, 2013
Tracked Since Feb 18, 2026