Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2013-38
HistoryApr 02, 2013 - 12:00 a.m.

Cross-site scripting (XSS) using timed history navigations — Mozilla

2013-04-0200:00:00
Mozilla Foundation
www.mozilla.org
22

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.9%

JSON

Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page’s baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack.

Related

ubuntucve 1
openvas 57
prion 1
cve 1
nessus 37
veracode 4
oraclelinux 2
centos 2
redhat 2
ubuntu 3
suse 7
freebsd 1
securityvulns 1
debian 1
ibm 2
gentoo 1
ubuntucve
ubuntucve
CVE-2013-0793
2013-04-03 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-38) - Linux
2021-11-11 00:00:00
RedHat Update for thunderbird RHSA-2013:0697-01
2013-04-05 00:00:00
CentOS Update for firefox CESA-2013:0696 centos6
2013-04-05 00:00:00
prion
prion
Cross site scripting
2013-04-03 11:56:00
cve
cve
CVE-2013-0793
2013-04-03 11:56:00
nessus
nessus
Firefox ESR 17.x < 17.0.5 Multiple Vulnerabilities (Mac OS X)
2013-04-04 00:00:00
Thunderbird ESR 17.x < 17.0.5 Multiple Vulnerabilities (Mac OS X)
2013-04-04 00:00:00
CentOS 5 / 6 : thunderbird (CESA-2013:0697)
2013-04-03 00:00:00
veracode
veracode
Out-of-bounds Write
2019-05-02 04:44:30
Cross-Site Scripting (XSS)
2019-05-02 04:44:28
Same-Origin Policy Bypass
2019-05-02 04:44:29
oraclelinux
oraclelinux
thunderbird security update
2013-04-02 00:00:00
firefox security update
2013-04-02 00:00:00
centos
centos
thunderbird security update
2013-04-03 04:39:37
firefox, xulrunner security update
2013-04-03 04:34:09
redhat
redhat
(RHSA-2013:0697) Important: thunderbird security update
2013-04-02 00:00:00
(RHSA-2013:0696) Critical: firefox security update
2013-04-02 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-04-08 00:00:00
Firefox vulnerabilities
2013-04-04 00:00:00
Unity Firefox Extension update
2013-04-04 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-05-28 21:04:38
Mozilla Firefox and others: Update to Firefox 20.0 release (important)
2013-04-05 15:06:14
Security update for Mozilla Firefox (important)
2013-05-28 22:04:36
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-04-02 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-04-03 00:00:00
debian
debian
[SECURITY] [DSA 2699-1] iceweasel security update
2013-06-02 16:37:13
ibm
ibm
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.9%

JSON
Related for MFSA2013-38
ubuntucve1openvas57prion1cve1nessus37veracode4oraclelinux2centos2redhat2ubuntu3suse7freebsd1securityvulns1debian1ibm2gentoo1