CVE-2013-1713

Mozilla Firefox < 23.0 and SeaMonkey < 2.20 - Cross-Site Scripting via Same Origin Policy Bypass

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site.

References (6)

Core 6
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2746
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2735
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=887098
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61876
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884

Scores

EPSS 0.0162
EPSS Percentile 73.4%

Details

CWE
CWE-264
Status published
Products (32)
mozilla/firefox 19.0
mozilla/firefox 19.0.1
mozilla/firefox 19.0.2
mozilla/firefox 20.0
mozilla/firefox 20.0.1
mozilla/firefox 21.0
mozilla/firefox 17.0
mozilla/firefox 17.0.1
mozilla/firefox 17.0.2
mozilla/firefox 17.0.3
... and 22 more
Published Aug 07, 2013
Tracked Since Feb 18, 2026