CVE-2013-1695

Firefox < 21.0 - Sandbox Bypass via FRAME Element in IFRAME

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.

References (6)

Core 6
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1890-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16433
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=849791

Scores

EPSS 0.0265
EPSS Percentile 83.9%

Details

CWE
CWE-264
Status published
Products (6)
mozilla/firefox 19.0
mozilla/firefox 19.0.1
mozilla/firefox 19.0.2
mozilla/firefox 20.0
mozilla/firefox 20.0.1
mozilla/firefox < 21.0
Published Jun 26, 2013
Tracked Since Feb 18, 2026