CVE-2013-1717

2013-08-0701:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-1717

mozilla firefox

thunderbird

seamonkey

java applets

file access restriction

nvd

6.4 Medium

AI Score

Confidence

Low

5.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

0.008 Low

EPSS

Percentile

81.9%

JSON

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.

CPENameOperatorVersion
mozilla:thunderbird_esrmozilla thunderbird esreq17.0.1
mozilla:thunderbird_esrmozilla thunderbird esreq17.0.2
mozilla:thunderbird_esrmozilla thunderbird esreq17.0.3
mozilla:thunderbird_esrmozilla thunderbird esreq17.0.7
mozilla:thunderbird_esrmozilla thunderbird esreq17.0.5
mozilla:thunderbird_esrmozilla thunderbird esreq17.0.6
mozilla:thunderbird_esrmozilla thunderbird esreq17.0.4
mozilla:thunderbird_esrmozilla thunderbird esreq17.0
mozilla:firefoxmozilla firefoxeq19.0
mozilla:firefoxmozilla firefoxeq19.0.2

CPE	Name	Operator	Version
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	17.0.1
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	17.0.2
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	17.0.3
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	17.0.7
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	17.0.5
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	17.0.6
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	17.0.4
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	17.0
mozilla:firefox	mozilla firefox	eq	19.0
mozilla:firefox	mozilla firefox	eq	19.0.2