Lucene search

K

[email protected]NVD:CVE-2013-1693

HistoryJun 26, 2013 - 3:19 a.m.

CVE-2013-1693

2013-06-2603:19:10

CWE-264

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.7 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code.

Affected configurations

NVD

Node

mozillafirefoxRange≤21.0

OR

mozillafirefoxMatch19.0

OR

mozillafirefoxMatch19.0.1

OR

mozillafirefoxMatch19.0.2

OR

mozillafirefoxMatch20.0

OR

mozillafirefoxMatch20.0.1

Node

mozillafirefox_esrMatch17.0

OR

mozillafirefox_esrMatch17.0.1

OR

mozillafirefox_esrMatch17.0.2

OR

mozillafirefox_esrMatch17.0.3

OR

mozillafirefox_esrMatch17.0.4

OR

mozillafirefox_esrMatch17.0.5

OR

mozillafirefox_esrMatch17.0.6

Node

mozillathunderbirdRange≤17.0.6

OR

mozillathunderbirdMatch17.0

OR

mozillathunderbirdMatch17.0.1

OR

mozillathunderbirdMatch17.0.2

OR

mozillathunderbirdMatch17.0.3

OR

mozillathunderbirdMatch17.0.4

OR

mozillathunderbirdMatch17.0.5

Node

mozillathunderbird_esrMatch17.0

OR

mozillathunderbird_esrMatch17.0.1

OR

mozillathunderbird_esrMatch17.0.2

OR

mozillathunderbird_esrMatch17.0.3

OR

mozillathunderbird_esrMatch17.0.4

OR

mozillathunderbird_esrMatch17.0.5

OR

mozillathunderbird_esrMatch17.0.6

References

lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html

rhn.redhat.com/errata/RHSA-2013-0981.html

rhn.redhat.com/errata/RHSA-2013-0982.html

www.debian.org/security/2013/dsa-2716

www.debian.org/security/2013/dsa-2720

www.mozilla.org/security/announce/2013/mfsa2013-55.html

www.securityfocus.com/bid/60787

www.ubuntu.com/usn/USN-1890-1

www.ubuntu.com/usn/USN-1891-1

bugzilla.mozilla.org/show_bug.cgi?id=711043

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17075

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.7 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

Related for NVD:CVE-2013-1693

openvas61 prion2 cvelist2 mozilla1 cve2 ubuntucve2 nvd1 nessus34 suse8 veracode9 oraclelinux2 centos2 redhat2 mageia3 ubuntu3 debian2 securityvulns1 freebsd1 ibm2 gentoo1