Lucene search
Mozilla FoundationMFSA2013-54HistoryJun 25, 2013 - 12:00 a.m.
Data in the body of XHR HEAD requests leads to CSRF attacks — Mozilla
2013-06-2500:00:00
Mozilla Foundation
www.mozilla.org
20
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
78.8%
Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes agains the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 22 | |
| firefox esr | lt | 17.0.7 | |
| seamonkey | lt | 2.19 | |
| thunderbird | lt | 17.0.7 | |
| thunderbird esr | lt | 17.0.7 |
Related
cve
cve
CVE-2013-1692
2013-06-26 03:19:00
prion
prion
Cross site request forgery (csrf)
2013-06-26 03:19:00
ubuntucve
ubuntucve
CVE-2013-1692
2013-06-25 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-54) - Linux
2021-11-11 00:00:00
Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Mac OS X)
2013-06-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1153-1)
2021-06-09 00:00:00
cvelist
cvelist
CVE-2013-1692
2013-06-26 01:00:00
nessus
nessus
SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7976)
2013-07-06 00:00:00
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8636)
2013-07-06 00:00:00
RHEL 5 / 6 : firefox (RHSA-2013:0981)
2013-06-26 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-07-05 22:04:18
xulrunner: 17.0.7esr (important)
2013-07-04 12:04:46
MozillaThunderbird: 17.0.7 (important)
2013-07-04 12:04:15
veracode
veracode
Same-Origin Policy Bypass
2019-05-02 04:45:44
Arbitrary Code Execution
2019-05-02 04:45:43
Use-After-Free
2019-05-02 04:45:43
redhat
redhat
(RHSA-2013:0982) Important: thunderbird security update
2013-06-25 00:00:00
(RHSA-2013:0981) Critical: firefox security update
2013-06-25 00:00:00
mageia
mageia
Updated Firefox and Thunderbird packages fix multiple vulnerabilities
2013-06-26 22:45:58
Updated iceape packages fix many vulnerabilities
2013-11-21 00:16:49
debian
debian
[SECURITY] [DSA 2716-1] iceweasel security update
2013-06-26 14:01:13
[SECURITY] [DSA 2720-1] icedove security update
2013-07-06 15:37:40
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-06-26 00:00:00
Firefox regression
2013-07-03 00:00:00
Firefox vulnerabilities
2013-06-26 00:00:00
centos
centos
thunderbird security update
2013-06-26 02:19:42
firefox, xulrunner security update
2013-06-26 02:19:59
oraclelinux
oraclelinux
thunderbird security update
2013-06-25 00:00:00
firefox security update
2013-06-25 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-06-25 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-07-01 00:00:00
ibm
ibm
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
78.8%
Related for MFSA2013-54