Lucene search

K

MozillaCVELIST:CVE-2013-0757

HistoryJan 13, 2013 - 8:00 p.m.

CVE-2013-0757

2013-01-1320:00:00

mozilla

www.cve.org

9.3 High

AI Score

Confidence

High

0.095 Low

EPSS

Percentile

94.8%

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.proto in a crafted HTML document.

References

lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html

lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html

www.mozilla.org/security/announce/2013/mfsa2013-14.html

www.ubuntu.com/usn/USN-1681-1

www.ubuntu.com/usn/USN-1681-2

www.ubuntu.com/usn/USN-1681-4

bugzilla.mozilla.org/show_bug.cgi?id=813901

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16939

9.3 High

AI Score

Confidence

High

0.095 Low

EPSS

Percentile

94.8%

Related for CVELIST:CVE-2013-0757

mozilla1 prion1 ubuntucve1 nvd1 cve1 openvas19 checkpoint_advisories1 zdt2 metasploit1 exploitdb1 nessus25 suse7 ubuntu4 freebsd1 securityvulns1 gentoo1