CVE-2013-1695
Firefox < 21.0 - Sandbox Bypass via FRAME Element in IFRAME
Title source: llmDescription
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1890-1
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2013/mfsa2013-57.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16433
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=849791
Scores
EPSS
0.0265
EPSS Percentile
83.9%
Details
CWE
CWE-264
Status
published
Products (6)
mozilla/firefox
19.0
mozilla/firefox
19.0.1
mozilla/firefox
19.0.2
mozilla/firefox
20.0
mozilla/firefox
20.0.1
mozilla/firefox
< 21.0
Published
Jun 26, 2013
Tracked Since
Feb 18, 2026