Published: 07/08/2013 Updated: 19/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The XrayWrapper implementation in Mozilla Firefox prior to 23.0 and SeaMonkey prior to 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla seamonkey 2.19
mozilla seamonkey 2.0
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla seamonkey 2.1
mozilla seamonkey 2.10.1
mozilla seamonkey 2.11
mozilla seamonkey 2.12
mozilla seamonkey 2.13
mozilla seamonkey 2.14
mozilla seamonkey 2.15
mozilla seamonkey 2.16
mozilla seamonkey 2.17
mozilla seamonkey 2.3
mozilla seamonkey 2.4
mozilla seamonkey 2.4.1
mozilla seamonkey 2.6
mozilla seamonkey 2.18
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla seamonkey 2.2
mozilla seamonkey 2.3.1
mozilla seamonkey 2.3.2
mozilla seamonkey 2.5
mozilla seamonkey 2.7.1
mozilla seamonkey 2.7.2
mozilla seamonkey 2.8
mozilla seamonkey 2.9
mozilla seamonkey 2.7
mozilla seamonkey 2.9.1
mozilla seamonkey
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.3
mozilla seamonkey 2.10
mozilla seamonkey 2.15.1
mozilla seamonkey 2.15.2
mozilla seamonkey 2.16.1
mozilla seamonkey 2.16.2
mozilla seamonkey 2.3.3
mozilla seamonkey 2.6.1
mozilla seamonkey 2.20
mozilla seamonkey 2.17.1
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.5
mozilla seamonkey 2.12.1
mozilla seamonkey 2.13.1
mozilla seamonkey 2.13.2
mozilla firefox
mozilla firefox 19.0
mozilla firefox 19.0.1
mozilla firefox 19.0.2
mozilla firefox 20.0
mozilla firefox 20.0.1
mozilla firefox 21.0

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

This update provides compatible packages for Firefox 23 ...

Mozilla Foundation Security Advisory 2013-70 Bypass of XrayWrappers using XBL Scopes Announced August 6, 2013 Reporter Bobby Holley, moz_bug_r_a4 Impact Moderate Products Firefox, SeaMonkey Fixed in ...

The XrayWrapper implementation in Mozilla Firefox before 230 and SeaMonkey before 220 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object ...

CWE-79 https://bugzilla.mozilla.org/show_bug.cgi?id=843829 http://www.mozilla.org/security/announce/2013/mfsa2013-70.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18830 https://nvd.nist.gov https://usn.ubuntu.com/1924-1/https://access.redhat.com/security/cve/cve-2013-1711

CVE-2013-1711

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect