Lucene search

[email protected]CVE-2013-5614

HistoryDec 11, 2013 - 3:55 p.m.

CVE-2013-5614

2013-12-1115:55:12

CWE-1021

[email protected]

web.nvd.nist.gov

cve-2013-5614

mozilla

firefox

seamonkey

sandbox

bypass

security vulnerability

9.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.9%

JSON

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

Affected configurations

NVD

Node

mozillafirefoxRange<26.0

mozillaseamonkeyRange<2.23

Node

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

oraclesolarisMatch11.3

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

canonicalubuntu_linuxMatch13.10

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.5

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.5

redhatenterprise_linux_server_eusMatch6.5

redhatenterprise_linux_server_tusMatch6.5

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_serverMatch11sp3-

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_software_development_kitMatch11sp3

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt26.0
mozilla:seamonkeymozilla seamonkeylt2.23

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	26.0
mozilla:seamonkey	mozilla seamonkey	lt	2.23

References

lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html

lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

rhn.redhat.com/errata/RHSA-2013-1812.html

www.mozilla.org/security/announce/2013/mfsa2013-107.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securitytracker.com/id/1029470

www.securitytracker.com/id/1029476

www.ubuntu.com/usn/USN-2052-1

bugzilla.mozilla.org/show_bug.cgi?id=886262

security.gentoo.org/glsa/201504-01

9.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.9%

JSON

Related for CVE-2013-5614

cvelist1 prion1 mozilla1 ubuntucve1 openvas27 nvd1 veracode5 oraclelinux2 nessus25 redhat2 centos2 suse3 ibm2 freebsd1 securityvulns1 ubuntu1 mageia1 gentoo1