CVE-2013-1727
Mozilla Firefox < 23.0.1 - XSS
Title source: ruleDescription
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Takeshi Terada · javaremotemultiple
https://www.exploit-db.com/exploits/38766
References (5)
Scores
EPSS
0.0224
EPSS Percentile
84.3%
Classification
CWE
CWE-79
Status
draft
Affected Products (9)
mozilla/firefox
< 23.0.1
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
mozilla/firefox
Timeline
Published
Sep 18, 2013
Tracked Since
Feb 18, 2026