Lucene search

K
cveMozillaCVE-2013-0747
HistoryJan 13, 2013 - 8:55 p.m.

CVE-2013-0747

2013-01-1320:55:01
CWE-20
mozilla
web.nvd.nist.gov
58
cve-2013-0747
gpluginhandler
mozilla firefox
clickjacking
javascript
same origin policy

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9

Confidence

High

EPSS

0.015

Percentile

87.1%

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.

Affected configurations

Nvd
Node
mozillafirefoxRange<17.0.2
OR
mozillafirefoxRange<18.0
OR
mozillaseamonkeyRange<2.15
OR
mozillathunderbirdRange<17.0.2
OR
mozillathunderbird_esrRange<17.0.2
Node
opensuseopensuseMatch11.4
OR
opensuseopensuseMatch12.1
OR
opensuseopensuseMatch12.2
OR
suselinux_enterprise_desktopMatch10sp4
OR
suselinux_enterprise_desktopMatch11sp2
OR
suselinux_enterprise_serverMatch10sp4
OR
suselinux_enterprise_serverMatch11sp2-
OR
suselinux_enterprise_serverMatch11sp2vmware
OR
suselinux_enterprise_software_development_kitMatch10sp4
OR
suselinux_enterprise_software_development_kitMatch11sp2
Node
canonicalubuntu_linuxMatch10.04-
OR
canonicalubuntu_linuxMatch11.10
OR
canonicalubuntu_linuxMatch12.04esm
OR
canonicalubuntu_linuxMatch12.10
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozillathunderbird_esr*cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
opensuseopensuse11.4cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
opensuseopensuse12.1cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
opensuseopensuse12.2cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
suselinux_enterprise_desktop10cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
suselinux_enterprise_server10cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
Rows per page:
1-10 of 181

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9

Confidence

High

EPSS

0.015

Percentile

87.1%