Lucene search

[email protected]CVE-2013-5612

HistoryDec 11, 2013 - 3:55 p.m.

CVE-2013-5612

2013-12-1115:55:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-5612

xss

cross-site scripting

mozilla firefox

seamonkey

same origin policy

http header

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.7%

JSON

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

Affected configurations

NVD

Node

mozillafirefoxRange<26.0

mozillaseamonkeyRange<2.23

Node

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

oraclesolarisMatch11.3

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

canonicalubuntu_linuxMatch13.10

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.5

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.5

redhatenterprise_linux_server_eusMatch6.5

redhatenterprise_linux_server_tusMatch6.5

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_serverMatch11sp3-

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_software_development_kitMatch11sp3

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt26.0
mozilla:seamonkeymozilla seamonkeylt2.23

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	26.0
mozilla:seamonkey	mozilla seamonkey	lt	2.23

References

lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html

lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

rhn.redhat.com/errata/RHSA-2013-1812.html

www.mozilla.org/security/announce/2013/mfsa2013-106.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/64205

www.securitytracker.com/id/1029470

www.securitytracker.com/id/1029476

www.ubuntu.com/usn/USN-2052-1

bugzilla.mozilla.org/show_bug.cgi?id=871161

security.gentoo.org/glsa/201504-01

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for CVE-2013-5612

ubuntucve1 seebug1 veracode6 nvd1 prion1 cvelist1 openvas27 mozilla1 oraclelinux2 nessus25 centos2 redhat2 ibm2 suse3 freebsd1 ubuntu1 securityvulns1 mageia1 gentoo1