CVE-2013-0776

Mozilla Firefox <19 - Info Disclosure

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2699
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1729-1
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1729-2
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1748-1
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=796475
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0271.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0272.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html

Scores

EPSS 0.0130
EPSS Percentile 66.7%

Details

CWE
CWE-295
Status published
Products (21)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
debian/debian_linux 7.0
mozilla/firefox < 17.0.3
mozilla/seamonkey < 2.16
mozilla/thunderbird < 17.0.3
mozilla/thunderbird_esr < 17.0.3
opensuse/opensuse 11.4
... and 11 more
Published Feb 19, 2013
Tracked Since Feb 18, 2026