Published: 11/12/2013 Updated: 21/08/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Mozilla Firefox prior to 26.0 and SeaMonkey prior to 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote malicious users to bypass intended sandbox restrictions via a crafted web site.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla seamonkey
fedoraproject fedora 19
fedoraproject fedora 20
oracle solaris 11.3
canonical ubuntu linux 12.04
canonical ubuntu linux 12.10
canonical ubuntu linux 13.04
canonical ubuntu linux 13.10
redhat enterprise linux desktop 5.0
redhat enterprise linux desktop 6.0
redhat enterprise linux eus 6.5
redhat enterprise linux server 5.0
redhat enterprise linux server 6.0
redhat enterprise linux server aus 6.5
redhat enterprise linux server eus 6.5
redhat enterprise linux server tus 6.5
redhat enterprise linux workstation 5.0
redhat enterprise linux workstation 6.0
opensuse opensuse 12.2
opensuse opensuse 12.3
opensuse opensuse 13.1
suse linux enterprise desktop 11
suse linux enterprise server 11
suse linux enterprise software development kit 11

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common Vulner ...

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An updated thunderbird package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as havingimportant security impact ...

Mozilla Foundation Security Advisory 2013-107 Sandbox restrictions not applied to nested object elements Announced December 10, 2013 Reporter Daniel Veditz Impact Low Products Firefox, SeaMonkey Fixed in ...

Mozilla Firefox before 260 and SeaMonkey before 223 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site ...

CWE-1021 https://bugzilla.mozilla.org/show_bug.cgi?id=886262 http://www.mozilla.org/security/announce/2013/mfsa2013-107.html http://www.ubuntu.com/usn/USN-2052-1 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-1812.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://www.securitytracker.com/id/1029470 http://www.securitytracker.com/id/1029476 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://security.gentoo.org/glsa/201504-01 https://usn.ubuntu.com/2052-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-5614

CVE-2013-5614

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect