Lucene search
Mozilla FoundationMFSA2013-55HistoryJun 25, 2013 - 12:00 a.m.
SVG filters can lead to information disclosure — Mozilla
2013-06-2500:00:00
Mozilla Foundation
www.mozilla.org
23
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.02 Low
EPSS
Percentile
88.8%
Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure.
Affected configurations
Node
mozillafirefoxRange<22
ORmozillafirefox_esrRange<17.0.7
ORmozillaseamonkeyRange<2.19
ORmozillathunderbirdRange<17.0.7
ORmozillathunderbird_esrRange<17.0.7
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 22 | |
| firefox esr | lt | 17.0.7 | |
| seamonkey | lt | 2.19 | |
| thunderbird | lt | 17.0.7 | |
| thunderbird esr | lt | 17.0.7 |
Related
nvd
nvd
CVE-2013-1693
2013-06-26 03:19:10
CVE-2014-1505
2014-03-19 10:55:06
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-55) - Linux
2021-11-11 00:00:00
Mozilla Thunderbird ESR Multiple Vulnerabilities - June 13 (Mac OS X)
2013-06-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1153-1)
2021-06-09 00:00:00
ubuntucve
ubuntucve
CVE-2013-1693
2013-06-25 00:00:00
CVE-2014-1505
2014-03-18 00:00:00
cve
cve
CVE-2013-1693
2013-06-26 03:19:10
CVE-2014-1505
2014-03-19 10:55:06
prion
prion
Code injection
2013-06-26 03:19:00
Information disclosure
2014-03-19 10:55:00
cvelist
cvelist
CVE-2013-1693
2013-06-26 01:00:00
CVE-2014-1505
2014-03-19 10:00:00
nessus
nessus
SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7976)
2013-07-06 00:00:00
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8636)
2013-07-06 00:00:00
RHEL 5 / 6 : firefox (RHSA-2013:0981)
2013-06-26 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-07-05 22:04:18
xulrunner: 17.0.7esr (important)
2013-07-04 12:04:46
MozillaThunderbird: 17.0.7 (important)
2013-07-04 12:04:15
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:45:43
Same-Origin Policy Bypass
2019-05-02 04:45:44
Use-After-Free
2019-05-02 04:45:43
mageia
mageia
Updated Firefox and Thunderbird packages fix multiple vulnerabilities
2013-06-26 22:45:58
Updated iceape packages fix multiple vulnerabilities
2014-03-31 23:47:52
Updated iceape packages fix many vulnerabilities
2013-11-21 00:16:49
redhat
redhat
(RHSA-2013:0982) Important: thunderbird security update
2013-06-25 00:00:00
(RHSA-2013:0981) Critical: firefox security update
2013-06-25 00:00:00
oraclelinux
oraclelinux
firefox security update
2013-06-25 00:00:00
thunderbird security update
2013-06-25 00:00:00
centos
centos
firefox, xulrunner security update
2013-06-26 02:19:59
thunderbird security update
2013-06-26 02:19:42
debian
debian
[SECURITY] [DSA 2720-1] icedove security update
2013-07-06 15:37:08
[SECURITY] [DSA 2716-1] iceweasel security update
2013-06-26 14:00:40
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-06-26 00:00:00
Firefox vulnerabilities
2013-06-26 00:00:00
Firefox regression
2013-07-03 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-07-01 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-06-25 00:00:00
ibm
ibm
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.02 Low
EPSS
Percentile
88.8%
Related for MFSA2013-55