CVE-2013-1727

Mozilla Firefox < 23.0.1 - XSS

Title source: rule

Description

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Takeshi Terada · javaremotemultiple

https://www.exploit-db.com/exploits/38766

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://www.mozilla.org/security/announce/2013/mfsa2013-84.html

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=782581

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html

Scores

EPSS 0.0224

EPSS Percentile 84.6%

Details

CWE

CWE-79

Status published

Products (9)

mozilla/firefox 19.0

mozilla/firefox 19.0.1

mozilla/firefox 19.0.2

mozilla/firefox 20.0

mozilla/firefox 20.0.1

mozilla/firefox 21.0

mozilla/firefox 22.0

mozilla/firefox 23.0

mozilla/firefox < 23.0.1

Published Sep 18, 2013

Tracked Since Feb 18, 2026