Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances.

CPENameOperatorVersion
firefoxlt23
firefox esrlt17.0.8
seamonkeylt2.20
thunderbirdlt17.0.8
thunderbird esrlt17.0.8

Name	Operator	Version
firefox	lt	23
firefox esr	lt	17.0.8
seamonkey	lt	2.20
thunderbird	lt	17.0.8
thunderbird esr	lt	17.0.8

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710

bugzilla.mozilla.org/show_bug.cgi?id=871368

saint 4

ubuntucve 1

cve 1

openvas 54

prion 1

seebug 3

metasploit 2

zdt 2

checkpoint_advisories 1

packetstorm 2

exploitdb 2

nessus 33

redhat 2

debian 2

ubuntu 3

mageia 2

veracode 5

oraclelinux 2

osv 2

centos 2

suse 6

ibm 2

freebsd 1

securityvulns 1

gentoo 1

saint

Firefox crypto.generateCRMFRequest command execution

2014-08-21 00:00:00

Firefox crypto.generateCRMFRequest command execution

2014-08-21 00:00:00

Firefox crypto.generateCRMFRequest command execution

2014-08-21 00:00:00

ubuntucve

CVE-2013-1710

2013-08-06 00:00:00

cve

CVE-2013-1710

2013-08-07 01:55:00

openvas

Mozilla Firefox Security Advisory (MFSA2013-69) - Linux

2021-11-11 00:00:00

CentOS Update for firefox CESA-2013:1140 centos5

2013-08-08 00:00:00

Mageia: Security Advisory (MGASA-2013-0248)

2022-01-28 00:00:00

prion

Cross site scripting

2013-08-07 01:55:00

seebug

Mozilla Firefox/SeaMonkey/Thunderbird CRMF请求生成跨站脚本漏洞

2013-12-25 00:00:00

Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution

2014-07-01 00:00:00

Firefox toString console.time Privileged Javascript Injection

2014-08-20 00:00:00

metasploit

Firefox toString console.time Privileged Javascript Injection

2014-08-15 20:17:37

Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution

2013-12-18 20:31:42

zdt

Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution Vulnerability

2013-12-24 00:00:00

Firefox toString console.time Privileged Javascript Injection Exploit

2014-08-18 00:00:00

checkpoint_advisories

Mozilla Firefox generateCRMFRequest Remote Code Execution (CVE-2012-3993; CVE-2013-1710)

2014-04-30 00:00:00

packetstorm

Firefox toString console.time Privileged Javascript Injection

2014-08-18 00:00:00

Firefox 15.0.1 Code Execution

2013-12-23 00:00:00

exploitdb

Mozilla Firefox - toString console.time Privileged JavaScript Injection (Metasploit)

2014-08-19 00:00:00

Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)

2013-08-06 00:00:00

nessus

Thunderbird ESR 17.x < 17.0.8 Multiple Vulnerabilities (Mac OS X)

2013-08-08 00:00:00

RHEL 5 / 6 : thunderbird (RHSA-2013:1142)

2013-08-08 00:00:00

Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130807)

2013-08-08 00:00:00

redhat

(RHSA-2013:1140) Critical: firefox security update

2013-08-07 00:00:00

(RHSA-2013:1142) Important: thunderbird security update

2013-08-07 00:00:00

debian

[SECURITY] [DSA 2746-1] icedove security update

2013-08-29 17:36:35

[SECURITY] [DSA 2735-1] iceweasel security update

2013-08-07 14:14:34

ubuntu

Thunderbird vulnerabilities

2013-08-07 00:00:00

Ubufox and Unity Firefox Extension update

2013-08-06 00:00:00

Firefox vulnerabilities

2013-08-06 00:00:00

mageia

Updated firefox and thunderbird packages fix security vulnerabilities

2013-08-12 17:54:58

Updated iceape packages fix many vulnerabilities

2013-11-21 00:16:49

veracode

Cross Site Scripting (XSS)

2019-05-02 04:48:19

Cross Site Scripting (XSS)

2019-05-02 04:48:20

Information Disclosure

2019-05-02 04:48:22

oraclelinux

firefox security update

2013-08-07 00:00:00

thunderbird security update

2013-08-07 00:00:00

osv

iceweasel - several

2013-08-07 00:00:00

icedove - several

2013-08-29 00:00:00

centos

thunderbird security update

2013-08-07 20:14:12

firefox, xulrunner security update

2013-08-07 11:33:09

suse

Security update for Mozilla Firefox (important)

2013-08-27 08:04:16

Security update for Mozilla Firefox (important)

2013-08-14 00:04:15

Security update for Mozilla Firefox (important)

2013-08-23 05:04:11

ibm

Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.

2022-09-26 04:23:14

Security Bulletin: IBM Scale Out Network Attached Storage V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.

2022-09-26 04:23:14

freebsd

mozilla -- multiple vulnerabilities

2013-08-06 00:00:00

securityvulns

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

2013-08-12 00:00:00

gentoo

Mozilla Products: Multiple vulnerabilities

2013-09-27 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.93 High

EPSS

Percentile

99.0%

JSON

Related for MFSA2013-69