CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
96.5%
Versions of Firefox 21.x and older are potentially affected by the following security issues :
Inaccessible updater can lead to local privilege escalation (CVE-2013-1700)
Insufficient validation homographic characters could allow for domain spoofing (CVE-2013-1699)
The getUserMedia permission dialog incorrectly displays its origin as that of the top level document rather than its calling page, which could result in incorrect camera or microphone permissions for the affected webpage. (CVE-2013-1698)
XrayWrappers can be bypassed to run user defined methods in a privileged context (CVE-2013-1697)
X-Frame-Options ignored when using server push with multi-part responses (CVE-2013-1696)
Various memory corruption issues, including an arbitrary code execution vulnerability through onreadystatechange event (CVE-2013-1690, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)
Data in the body of XHR HEAD requests leads to CSRF attacks (CVE-2013-1692)
SVG filters can lead to information disclosure (CVE-2013-1693)
SVG filters can lead to information disclosure via timing attacks (CVE-2013-1693)
In certain cases, inconsistencies in PreserveWrapper can lead to an exploitable crash (CVE-2013-1694)
Sandbox restrictions not applied to nested frame elements (CVE-2013-1695)
X-Frame-Options header is ignored when server push is used in multi-part responses, which can result in clickjacking (CVE-2013-1696)
Privileged content access and execution via XBL, which can lead to arbitrary code execution (CVE-2013-1687)
Arbitrary code execution within Profiler (CVE-2013-1688)
Miscellaneous memory safety issues specifically against versions 21.0 and 17.0.7 (CVE-2013-1682, CVE-2013-1683)
Binary data 801353.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1683
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1695
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1696
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1699
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1700
www.mozilla.org/security/announce/2013/mfsa2013-49.html
www.mozilla.org/security/announce/2013/mfsa2013-50.html
www.mozilla.org/security/announce/2013/mfsa2013-51.html
www.mozilla.org/security/announce/2013/mfsa2013-52.html
www.mozilla.org/security/announce/2013/mfsa2013-53.html
www.mozilla.org/security/announce/2013/mfsa2013-54.html
www.mozilla.org/security/announce/2013/mfsa2013-55.html
www.mozilla.org/security/announce/2013/mfsa2013-56.html
www.mozilla.org/security/announce/2013/mfsa2013-57.html
www.mozilla.org/security/announce/2013/mfsa2013-58.html
www.mozilla.org/security/announce/2013/mfsa2013-59.html
www.mozilla.org/security/announce/2013/mfsa2013-60.html
www.mozilla.org/security/announce/2013/mfsa2013-61.html
www.mozilla.org/security/announce/2013/mfsa2013-62.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
96.5%