Published: 30/10/2013 Updated: 30/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The SELECT element implementation in Mozilla Firefox prior to 25.0, Firefox ESR 24.x prior to 24.1, Thunderbird prior to 24.1, and SeaMonkey prior to 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote malicious users to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox esr 24.0
mozilla firefox esr 24.0.1
mozilla firefox esr 24.0.2
mozilla thunderbird 24.0
mozilla thunderbird
mozilla thunderbird 17.0.6
mozilla thunderbird 17.0.7
mozilla thunderbird 17.0
mozilla thunderbird 17.0.1
mozilla thunderbird 17.0.8
mozilla thunderbird esr 17.0.9
mozilla thunderbird 17.0.2
mozilla thunderbird 17.0.3
mozilla thunderbird 17.0.4
mozilla thunderbird 17.0.5
mozilla firefox 19.0
mozilla firefox 22.0
mozilla firefox 21.0
mozilla firefox 20.0.1
mozilla firefox 20.0
mozilla firefox
mozilla firefox 23.0.1
mozilla firefox 23.0
mozilla firefox 19.0.2
mozilla firefox 19.0.1
mozilla seamonkey 2.21
mozilla seamonkey 2.22
mozilla seamonkey 2.14
mozilla seamonkey 2.13.2
mozilla seamonkey 2.13
mozilla seamonkey 2.12.1
mozilla seamonkey 2.12
mozilla seamonkey 2.11
mozilla seamonkey 2.10.1
mozilla seamonkey 2.10
mozilla seamonkey 2.1
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0
mozilla seamonkey 2.19
mozilla seamonkey 2.18
mozilla seamonkey 2.17
mozilla seamonkey 2.16
mozilla seamonkey 2.15
mozilla seamonkey
mozilla seamonkey 2.13.1
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.1
mozilla seamonkey 2.20
mozilla seamonkey 2.16.2
mozilla seamonkey 2.16.1
mozilla seamonkey 2.15.2
mozilla seamonkey 2.15.1
mozilla seamonkey 2.0.9
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.14
mozilla seamonkey 2.17.1
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0.12

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

Mozilla Foundation Security Advisory 2013-94 Spoofing addressbar though SELECT element Announced October 29, 2013 Reporter Jordi Chancel Impact Moderate Products Firefox, Firefox ESR, SeaMonkey, Thunderbird Fixed in ...

The SELECT element implementation in Mozilla Firefox before 250, Firefox ESR 24x before 241, Thunderbird before 241, and SeaMonkey before 222 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigati ...

CWE-20 https://bugzilla.mozilla.org/show_bug.cgi?id=868327 http://www.mozilla.org/security/announce/2013/mfsa2013-94.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html https://security.gentoo.org/glsa/201504-01 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19263 https://nvd.nist.gov https://usn.ubuntu.com/2009-1/https://access.redhat.com/security/cve/cve-2013-5593

CVE-2013-5593

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect