CVE-2013-1727

Firefox < 24.0 - Same Origin Policy Bypass and Cross-Site Scripting via Symlink and file: URL

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1727. PoCs published by Takeshi Terada.

AI-analyzed exploit summary: This exploit leverages a same-origin policy bypass in Mozilla Firefox (CVE-2013-1727) by creating a malicious HTML file, forcing Firefox to load it, and then replacing it with a symbolic link to steal sensitive data (profiles.ini). The attack relies on Android's file system manipulation and intent-based app invocation.

Description

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Takeshi Terada · java · remote · multiple
https://www.exploit-db.com/exploits/38766

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Mozilla Firefox < 24.0
No auth needed
Prerequisites: Android device with malicious app installed · Firefox installed on the same device
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=782581
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html

Scores

EPSS 0.0519
EPSS Percentile 91.4%

Details

CWE: CWE-79
Status: published
Products (9)
mozilla/firefox 19.0
mozilla/firefox 19.0.1
mozilla/firefox 19.0.2
mozilla/firefox 20.0
mozilla/firefox 20.0.1
mozilla/firefox 21.0
mozilla/firefox 22.0
mozilla/firefox 23.0
mozilla/firefox < 23.0.1
Published Sep 18, 2013
Tracked Since Feb 18, 2026