CVE-2013-0759
Mozilla Firefox <18 - CSRF
Title source: llmDescription
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code.
References (12)
Scores
EPSS
0.0137
EPSS Percentile
80.0%
Classification
CWE
CWE-287
Status
draft
Affected Products (27)
mozilla/firefox
< 18.0
mozilla/seamonkey
< 2.15
mozilla/thunderbird
< 17.0.2
mozilla/thunderbird_esr
< 10.0.12
opensuse/opensuse
opensuse/opensuse
opensuse/opensuse
suse/linux_enterprise_desktop
suse/linux_enterprise_desktop
suse/linux_enterprise_server
suse/linux_enterprise_server
suse/linux_enterprise_server
suse/linux_enterprise_software_development_kit
suse/linux_enterprise_software_development_kit
redhat/enterprise_linux_desktop
... and 12 more
Timeline
Published
Jan 13, 2013
Tracked Since
Feb 18, 2026