Lucene search

K

MozillaCVELIST:CVE-2013-0757

HistoryJan 13, 2013 - 8:00 p.m.

CVE-2013-0757

2013-01-1320:00:00

mozilla

www.cve.org

9.3 High

AI Score

Confidence

High

0.095 Low

EPSS

Percentile

94.8%

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.proto in a crafted HTML document.

References

lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html

www.mozilla.org/security/announce/2013/mfsa2013-14.html

www.ubuntu.com/usn/USN-1681-1

www.ubuntu.com/usn/USN-1681-2

www.ubuntu.com/usn/USN-1681-4

bugzilla.mozilla.org/show_bug.cgi?id=813901

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16939

9.3 High

AI Score

Confidence

High

0.095 Low

EPSS

Percentile

94.8%

Related for CVELIST:CVE-2013-0757

ubuntucve1 mozilla1 prion1 openvas19 cve1 nvd1 metasploit1 zdt2 checkpoint_advisories1 exploitdb1 nessus25 suse7 securityvulns1 freebsd1 ubuntu4 gentoo1