CVE-2013-1713

2013-08-0701:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-1713

mozilla firefox

thunderbird

seamonkey

same origin policy

xss

arbitrary add-ons

nvd

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.1%

JSON

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq19.0
mozilla:firefoxmozilla firefoxeq19.0.2
mozilla:firefoxmozilla firefoxeq20.0.1
mozilla:firefoxmozilla firefoxeq19.0.1
mozilla:firefoxmozilla firefoxeq21.0
mozilla:firefoxmozilla firefoxle22.0
mozilla:firefoxmozilla firefoxeq20.0
mozilla:seamonkeymozilla seamonkeyeq2.0.10
mozilla:seamonkeymozilla seamonkeyeq2.13.1
mozilla:seamonkeymozilla seamonkeyeq2.5

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	19.0
mozilla:firefox	mozilla firefox	eq	19.0.2
mozilla:firefox	mozilla firefox	eq	20.0.1
mozilla:firefox	mozilla firefox	eq	19.0.1
mozilla:firefox	mozilla firefox	eq	21.0
mozilla:firefox	mozilla firefox	le	22.0
mozilla:firefox	mozilla firefox	eq	20.0
mozilla:seamonkey	mozilla seamonkey	eq	2.0.10
mozilla:seamonkey	mozilla seamonkey	eq	2.13.1
mozilla:seamonkey	mozilla seamonkey	eq	2.5