Lucene search
Mozilla FoundationMFSA2013-24HistoryFeb 19, 2013 - 12:00 a.m.
Web content bypass of COW and SOW security wrappers — Mozilla
2013-02-1900:00:00
Mozilla Foundation
www.mozilla.org
14
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.01 Low
EPSS
Percentile
83.3%
Mozilla developer Bobby Holley discovered that it was possible to bypass some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW), making their prototypes mutable by web content. This could be used leak information from chrome objects and possibly allow for arbitrary code execution.
Affected configurations
Node
mozillafirefoxRange<19
ORmozillafirefox_esrRange<17.0.3
ORmozillaseamonkeyRange<2.16
ORmozillathunderbirdRange<17.0.3
ORmozillathunderbird_esrRange<17.0.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 19 | |
| firefox esr | lt | 17.0.3 | |
| seamonkey | lt | 2.16 | |
| thunderbird | lt | 17.0.3 | |
| thunderbird esr | lt | 17.0.3 |
Related
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-24) - Linux
2021-11-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0410-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0471-1)
2021-06-09 00:00:00
nvd
nvd
CVE-2013-0773
2013-02-19 23:55:01
prion
prion
Code injection
2013-02-19 23:55:00
cve
cve
CVE-2013-0773
2013-02-19 23:55:01
cvelist
cvelist
CVE-2013-0773
2013-02-19 23:00:00
ubuntucve
ubuntucve
CVE-2013-0773
2013-02-20 00:00:00
nessus
nessus
Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities
2013-02-20 00:00:00
Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)
2013-02-20 00:00:00
Mozilla Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities
2013-02-20 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-02-19 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-03-08 22:04:48
Security update for Mozilla Firefox (important)
2013-03-15 19:04:45
Mozilla: February 2013 update round (Firefox 19) (important)
2013-02-22 14:04:25
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-02-25 00:00:00
Firefox vulnerabilities
2013-02-20 00:00:00
Firefox regression
2013-03-01 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-02-24 00:00:00
debian
debian
[SECURITY] [DSA 2699-1] iceweasel security update
2013-06-02 16:37:13
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.01 Low
EPSS
Percentile
83.3%
Related for MFSA2013-24