Published: 03/04/2013 Updated: 19/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Mozilla Firefox prior to 20.0, Firefox ESR 17.x prior to 17.0.5, Thunderbird prior to 17.0.5, Thunderbird ESR 17.x prior to 17.0.5, and SeaMonkey prior to 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote malicious users to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 19.0.1
mozilla firefox
mozilla firefox 19.0
mozilla firefox esr 17.0.3
mozilla firefox esr 17.0.4
mozilla firefox esr 17.0.2
mozilla firefox esr 17.0.1
mozilla firefox esr 17.0
mozilla thunderbird 17.0.2
mozilla thunderbird 17.0
mozilla thunderbird 17.0.1
mozilla thunderbird 17.0.3
mozilla thunderbird 17.0.4
mozilla thunderbird esr 17.0.2
mozilla thunderbird esr 17.0.3
mozilla thunderbird esr 17.0
mozilla thunderbird esr 17.0.1
mozilla thunderbird esr 17.0.4
mozilla seamonkey 2.16
mozilla seamonkey 2.15
mozilla seamonkey 2.15.2
mozilla seamonkey 2.14
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0
mozilla seamonkey 2.0.5
mozilla seamonkey 2.10
mozilla seamonkey 2.11
mozilla seamonkey 2.13
mozilla seamonkey 2.12.1
mozilla seamonkey 2.0.8
mozilla seamonkey 2.12
mozilla seamonkey 2.4
mozilla seamonkey 2.4.1
mozilla seamonkey 2.13.1
mozilla seamonkey 2.3
mozilla seamonkey 2.9.1
mozilla seamonkey 2.9
mozilla seamonkey 2.17
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.10
mozilla seamonkey 2.16.1
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.7
mozilla seamonkey 2.1
mozilla seamonkey 2.2
mozilla seamonkey 2.7.1
mozilla seamonkey 2.8
mozilla seamonkey 2.5
mozilla seamonkey 2.7
mozilla seamonkey 2.0.6
mozilla seamonkey 2.13.2
mozilla seamonkey 2.3.3
mozilla seamonkey 2.3.2
mozilla seamonkey 2.6
mozilla seamonkey 2.6.1
mozilla seamonkey
mozilla seamonkey 2.16.2
mozilla seamonkey 2.15.1
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0.13
mozilla seamonkey 2.10.1
mozilla seamonkey 2.0.9
mozilla seamonkey 2.3.1
mozilla seamonkey 2.7.2

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An updated thunderbird package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as havingimportant security impact ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common Vulner ...

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cro ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

This update provides a compatible version of Unity Firefox Extension for Firefox 20 ...

Mozilla Foundation Security Advisory 2013-38 Cross-site scripting (XSS) using timed history navigations Announced April 2, 2013 Reporter Mariusz Mlynski Impact High Products Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thun ...

Mozilla Firefox before 200, Firefox ESR 17x before 1705, Thunderbird before 1705, Thunderbird ESR 17x before 1705, and SeaMonkey before 217 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over n ...

CWE-79 http://www.mozilla.org/security/announce/2013/mfsa2013-38.html https://bugzilla.mozilla.org/show_bug.cgi?id=803870 http://rhn.redhat.com/errata/RHSA-2013-0697.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2013-0696.html http://www.ubuntu.com/usn/USN-1791-1 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://www.debian.org/security/2013/dsa-2699 http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html http://www.securityfocus.com/bid/58837 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16928 https://access.redhat.com/errata/RHSA-2013:0697 https://nvd.nist.gov https://usn.ubuntu.com/1786-1/https://access.redhat.com/security/cve/cve-2013-0793 https://www.debian.org/security/./dsa-2699

CVE-2013-0793

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect