Lucene search
HistoryAug 07, 2013 - 1:55 a.m.
CVE-2013-1710
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.1 Medium
AI Score
Confidence
High
0.927 High
EPSS
Percentile
99.0%
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation.
Affected configurations
Node
mozillaseamonkeyRange≤2.20beta3
ORmozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillaseamonkeyMatch2.0.2
ORmozillaseamonkeyMatch2.0.3
ORmozillaseamonkeyMatch2.0.4
ORmozillaseamonkeyMatch2.0.5
ORmozillaseamonkeyMatch2.0.6
ORmozillaseamonkeyMatch2.0.7
ORmozillaseamonkeyMatch2.0.8
ORmozillaseamonkeyMatch2.0.9
ORmozillaseamonkeyMatch2.0.10
ORmozillaseamonkeyMatch2.0.11
ORmozillaseamonkeyMatch2.0.12
ORmozillaseamonkeyMatch2.0.13
ORmozillaseamonkeyMatch2.0.14
ORmozillaseamonkeyMatch2.1
ORmozillaseamonkeyMatch2.1alpha1
ORmozillaseamonkeyMatch2.1alpha2
ORmozillaseamonkeyMatch2.1alpha3
ORmozillaseamonkeyMatch2.1beta1
ORmozillaseamonkeyMatch2.1beta2
ORmozillaseamonkeyMatch2.1beta3
ORmozillaseamonkeyMatch2.1rc1
ORmozillaseamonkeyMatch2.1rc2
ORmozillaseamonkeyMatch2.2
ORmozillaseamonkeyMatch2.2beta1
ORmozillaseamonkeyMatch2.2beta2
ORmozillaseamonkeyMatch2.2beta3
ORmozillaseamonkeyMatch2.3
ORmozillaseamonkeyMatch2.3beta1
ORmozillaseamonkeyMatch2.3beta2
ORmozillaseamonkeyMatch2.3beta3
ORmozillaseamonkeyMatch2.3.1
ORmozillaseamonkeyMatch2.3.2
ORmozillaseamonkeyMatch2.3.3
ORmozillaseamonkeyMatch2.4
ORmozillaseamonkeyMatch2.4beta1
ORmozillaseamonkeyMatch2.4beta2
ORmozillaseamonkeyMatch2.4beta3
ORmozillaseamonkeyMatch2.4.1
ORmozillaseamonkeyMatch2.5
ORmozillaseamonkeyMatch2.5beta1
ORmozillaseamonkeyMatch2.5beta2
ORmozillaseamonkeyMatch2.5beta3
ORmozillaseamonkeyMatch2.5beta4
ORmozillaseamonkeyMatch2.6
ORmozillaseamonkeyMatch2.6beta1
ORmozillaseamonkeyMatch2.6beta2
ORmozillaseamonkeyMatch2.6beta3
ORmozillaseamonkeyMatch2.6beta4
ORmozillaseamonkeyMatch2.6.1
ORmozillaseamonkeyMatch2.7
ORmozillaseamonkeyMatch2.7beta1
ORmozillaseamonkeyMatch2.7beta2
ORmozillaseamonkeyMatch2.7beta3
ORmozillaseamonkeyMatch2.7beta4
ORmozillaseamonkeyMatch2.7beta5
ORmozillaseamonkeyMatch2.7.1
ORmozillaseamonkeyMatch2.7.2
ORmozillaseamonkeyMatch2.8
ORmozillaseamonkeyMatch2.8beta1
ORmozillaseamonkeyMatch2.8beta2
ORmozillaseamonkeyMatch2.8beta3
ORmozillaseamonkeyMatch2.8beta4
ORmozillaseamonkeyMatch2.8beta5
ORmozillaseamonkeyMatch2.8beta6
ORmozillaseamonkeyMatch2.9
ORmozillaseamonkeyMatch2.9beta1
ORmozillaseamonkeyMatch2.9beta2
ORmozillaseamonkeyMatch2.9beta3
ORmozillaseamonkeyMatch2.9beta4
ORmozillaseamonkeyMatch2.9.1
ORmozillaseamonkeyMatch2.10
ORmozillaseamonkeyMatch2.10beta1
ORmozillaseamonkeyMatch2.10beta2
ORmozillaseamonkeyMatch2.10beta3
ORmozillaseamonkeyMatch2.10.1
ORmozillaseamonkeyMatch2.11
ORmozillaseamonkeyMatch2.11beta1
ORmozillaseamonkeyMatch2.11beta2
ORmozillaseamonkeyMatch2.11beta3
ORmozillaseamonkeyMatch2.11beta4
ORmozillaseamonkeyMatch2.11beta5
ORmozillaseamonkeyMatch2.11beta6
ORmozillaseamonkeyMatch2.12
ORmozillaseamonkeyMatch2.12beta1
ORmozillaseamonkeyMatch2.12beta2
ORmozillaseamonkeyMatch2.12beta3
ORmozillaseamonkeyMatch2.12beta4
ORmozillaseamonkeyMatch2.12beta5
ORmozillaseamonkeyMatch2.12beta6
ORmozillaseamonkeyMatch2.12.1
ORmozillaseamonkeyMatch2.13
ORmozillaseamonkeyMatch2.13beta1
ORmozillaseamonkeyMatch2.13beta2
ORmozillaseamonkeyMatch2.13beta3
ORmozillaseamonkeyMatch2.13beta4
ORmozillaseamonkeyMatch2.13beta5
ORmozillaseamonkeyMatch2.13beta6
ORmozillaseamonkeyMatch2.13.1
ORmozillaseamonkeyMatch2.13.2
ORmozillaseamonkeyMatch2.14
ORmozillaseamonkeyMatch2.14beta1
ORmozillaseamonkeyMatch2.14beta2
ORmozillaseamonkeyMatch2.14beta3
ORmozillaseamonkeyMatch2.14beta4
ORmozillaseamonkeyMatch2.14beta5
ORmozillaseamonkeyMatch2.15
ORmozillaseamonkeyMatch2.15beta1
ORmozillaseamonkeyMatch2.15beta2
ORmozillaseamonkeyMatch2.15beta3
ORmozillaseamonkeyMatch2.15beta4
ORmozillaseamonkeyMatch2.15beta5
ORmozillaseamonkeyMatch2.15beta6
ORmozillaseamonkeyMatch2.15.1
ORmozillaseamonkeyMatch2.15.2
ORmozillaseamonkeyMatch2.16
ORmozillaseamonkeyMatch2.16beta1
ORmozillaseamonkeyMatch2.16beta2
ORmozillaseamonkeyMatch2.16beta3
ORmozillaseamonkeyMatch2.16beta4
ORmozillaseamonkeyMatch2.16beta5
ORmozillaseamonkeyMatch2.16.1
ORmozillaseamonkeyMatch2.16.2
ORmozillaseamonkeyMatch2.17
ORmozillaseamonkeyMatch2.17beta1
ORmozillaseamonkeyMatch2.17beta2
ORmozillaseamonkeyMatch2.17beta3
ORmozillaseamonkeyMatch2.17beta4
ORmozillaseamonkeyMatch2.17.1
ORmozillaseamonkeyMatch2.18beta1
ORmozillaseamonkeyMatch2.18beta2
ORmozillaseamonkeyMatch2.18beta3
ORmozillaseamonkeyMatch2.18beta4
ORmozillaseamonkeyMatch2.19
ORmozillaseamonkeyMatch2.19beta1
ORmozillaseamonkeyMatch2.19beta2
ORmozillaseamonkeyMatch2.20beta1
ORmozillaseamonkeyMatch2.20beta2
Node
mozillathunderbird_esrMatch17.0
ORmozillathunderbird_esrMatch17.0.1
ORmozillathunderbird_esrMatch17.0.2
ORmozillathunderbird_esrMatch17.0.3
ORmozillathunderbird_esrMatch17.0.4
ORmozillathunderbird_esrMatch17.0.5
ORmozillathunderbird_esrMatch17.0.6
ORmozillathunderbird_esrMatch17.0.7
Node
mozillafirefoxRange≤22.0
ORmozillafirefoxMatch19.0
ORmozillafirefoxMatch19.0.1
ORmozillafirefoxMatch19.0.2
ORmozillafirefoxMatch20.0
ORmozillafirefoxMatch20.0.1
ORmozillafirefoxMatch21.0
Node
mozillathunderbirdRange≤17.0.7
ORmozillathunderbirdMatch17.0
ORmozillathunderbirdMatch17.0.1
ORmozillathunderbirdMatch17.0.2
ORmozillathunderbirdMatch17.0.3
ORmozillathunderbirdMatch17.0.4
ORmozillathunderbirdMatch17.0.5
ORmozillathunderbirdMatch17.0.6
Node
mozillafirefox_esrMatch17.0
ORmozillafirefox_esrMatch17.0.1
ORmozillafirefox_esrMatch17.0.2
ORmozillafirefox_esrMatch17.0.3
ORmozillafirefox_esrMatch17.0.4
ORmozillafirefox_esrMatch17.0.5
ORmozillafirefox_esrMatch17.0.6
ORmozillafirefox_esrMatch17.0.7
Related
saint
saint
Firefox crypto.generateCRMFRequest command execution
2014-08-21 00:00:00
Firefox crypto.generateCRMFRequest command execution
2014-08-21 00:00:00
Firefox crypto.generateCRMFRequest command execution
2014-08-21 00:00:00
cve
cve
CVE-2013-1710
2013-08-07 01:55:04
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-69) - Linux
2021-11-11 00:00:00
Oracle: Security Advisory (ELSA-2013-1142)
2015-10-06 00:00:00
CentOS Update for firefox CESA-2013:1140 centos5
2013-08-08 00:00:00
cvelist
cvelist
CVE-2013-1710
2013-08-07 01:00:00
ubuntucve
ubuntucve
CVE-2013-1710
2013-08-06 00:00:00
mozilla
mozilla
CRMF requests allow for code execution and XSS attacks — Mozilla
2013-08-06 00:00:00
prion
prion
Cross site scripting
2013-08-07 01:55:00
metasploit
metasploit
Firefox toString console.time Privileged Javascript Injection
2014-08-15 20:17:37
Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
2013-12-18 20:31:42
seebug
seebug
Mozilla Firefox/SeaMonkey/Thunderbird CRMF请求生成跨站脚本漏洞
2013-12-25 00:00:00
Firefox toString console.time Privileged Javascript Injection
2014-08-20 00:00:00
Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution
2014-07-01 00:00:00
packetstorm
packetstorm
Firefox 15.0.1 Code Execution
2013-12-23 00:00:00
Firefox toString console.time Privileged Javascript Injection
2014-08-18 00:00:00
zdt
zdt
Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution Vulnerability
2013-12-24 00:00:00
Firefox toString console.time Privileged Javascript Injection Exploit
2014-08-18 00:00:00
checkpoint_advisories
checkpoint_advisories
exploitdb
exploitdb
redhat
redhat
(RHSA-2013:1140) Critical: firefox security update
2013-08-07 00:00:00
(RHSA-2013:1142) Important: thunderbird security update
2013-08-07 00:00:00
nessus
nessus
CentOS 5 / 6 : thunderbird (CESA-2013:1142)
2013-08-08 00:00:00
Thunderbird ESR 17.x < 17.0.8 Multiple Vulnerabilities (Mac OS X)
2013-08-08 00:00:00
RHEL 5 / 6 : thunderbird (RHSA-2013:1142)
2013-08-08 00:00:00
debian
debian
[SECURITY] [DSA 2746-1] icedove security update
2013-08-29 17:36:06
[SECURITY] [DSA 2735-1] iceweasel security update
2013-08-07 14:14:06
mageia
mageia
Updated firefox and thunderbird packages fix security vulnerabilities
2013-08-12 17:54:58
Updated iceape packages fix many vulnerabilities
2013-11-21 00:16:49
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-08-07 00:00:00
Firefox vulnerabilities
2013-08-06 00:00:00
Ubufox and Unity Firefox Extension update
2013-08-06 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2013-08-07 00:00:00
firefox security update
2013-08-07 00:00:00
centos
centos
firefox, xulrunner security update
2013-08-07 11:33:09
thunderbird security update
2013-08-07 20:14:12
veracode
veracode
Cross-site Scripting (XSS)
2019-05-02 04:48:19
Cross Site Scripting (XSS)
2019-05-02 04:48:20
Cross Site Scripting (XSS)
2019-05-02 04:48:19
osv
osv
icedove - several
2013-08-29 00:00:00
iceweasel - several
2013-08-07 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-08-27 08:04:16
Security update for Mozilla Firefox (important)
2013-08-23 05:04:11
Security update for Mozilla Firefox (important)
2013-08-14 00:04:15
ibm
ibm
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-08-06 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-08-12 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.1 Medium
AI Score
Confidence
High
0.927 High
EPSS
Percentile
99.0%
Related for NVD:CVE-2013-1710