Lucene search
HistoryMar 05, 2014 - 5:11 a.m.
CVE-2013-6666
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6
Confidence
Low
EPSS
0.004
Percentile
72.4%
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.
Affected configurations
Node
googlechromeRange≤33.0.1750.144
ORgooglechromeMatch33.0.1750.0
ORgooglechromeMatch33.0.1750.1
ORgooglechromeMatch33.0.1750.2
ORgooglechromeMatch33.0.1750.3
ORgooglechromeMatch33.0.1750.4
ORgooglechromeMatch33.0.1750.5
ORgooglechromeMatch33.0.1750.6
ORgooglechromeMatch33.0.1750.7
ORgooglechromeMatch33.0.1750.8
ORgooglechromeMatch33.0.1750.9
ORgooglechromeMatch33.0.1750.10
ORgooglechromeMatch33.0.1750.11
ORgooglechromeMatch33.0.1750.12
ORgooglechromeMatch33.0.1750.13
ORgooglechromeMatch33.0.1750.14
ORgooglechromeMatch33.0.1750.15
ORgooglechromeMatch33.0.1750.16
ORgooglechromeMatch33.0.1750.18
ORgooglechromeMatch33.0.1750.19
ORgooglechromeMatch33.0.1750.20
ORgooglechromeMatch33.0.1750.21
ORgooglechromeMatch33.0.1750.22
ORgooglechromeMatch33.0.1750.23
ORgooglechromeMatch33.0.1750.24
ORgooglechromeMatch33.0.1750.25
ORgooglechromeMatch33.0.1750.26
ORgooglechromeMatch33.0.1750.27
ORgooglechromeMatch33.0.1750.28
ORgooglechromeMatch33.0.1750.29
ORgooglechromeMatch33.0.1750.30
ORgooglechromeMatch33.0.1750.31
ORgooglechromeMatch33.0.1750.34
ORgooglechromeMatch33.0.1750.35
ORgooglechromeMatch33.0.1750.36
ORgooglechromeMatch33.0.1750.37
ORgooglechromeMatch33.0.1750.38
ORgooglechromeMatch33.0.1750.39
ORgooglechromeMatch33.0.1750.40
ORgooglechromeMatch33.0.1750.41
ORgooglechromeMatch33.0.1750.42
ORgooglechromeMatch33.0.1750.43
ORgooglechromeMatch33.0.1750.44
ORgooglechromeMatch33.0.1750.45
ORgooglechromeMatch33.0.1750.46
ORgooglechromeMatch33.0.1750.47
ORgooglechromeMatch33.0.1750.48
ORgooglechromeMatch33.0.1750.49
ORgooglechromeMatch33.0.1750.50
ORgooglechromeMatch33.0.1750.51
ORgooglechromeMatch33.0.1750.52
ORgooglechromeMatch33.0.1750.53
ORgooglechromeMatch33.0.1750.54
ORgooglechromeMatch33.0.1750.55
ORgooglechromeMatch33.0.1750.56
ORgooglechromeMatch33.0.1750.57
ORgooglechromeMatch33.0.1750.58
ORgooglechromeMatch33.0.1750.59
ORgooglechromeMatch33.0.1750.60
ORgooglechromeMatch33.0.1750.61
ORgooglechromeMatch33.0.1750.62
ORgooglechromeMatch33.0.1750.63
ORgooglechromeMatch33.0.1750.64
ORgooglechromeMatch33.0.1750.65
ORgooglechromeMatch33.0.1750.66
ORgooglechromeMatch33.0.1750.67
ORgooglechromeMatch33.0.1750.68
ORgooglechromeMatch33.0.1750.69
ORgooglechromeMatch33.0.1750.70
ORgooglechromeMatch33.0.1750.71
ORgooglechromeMatch33.0.1750.73
ORgooglechromeMatch33.0.1750.74
ORgooglechromeMatch33.0.1750.75
ORgooglechromeMatch33.0.1750.76
ORgooglechromeMatch33.0.1750.77
ORgooglechromeMatch33.0.1750.79
ORgooglechromeMatch33.0.1750.80
ORgooglechromeMatch33.0.1750.81
ORgooglechromeMatch33.0.1750.82
ORgooglechromeMatch33.0.1750.83
ORgooglechromeMatch33.0.1750.85
ORgooglechromeMatch33.0.1750.88
ORgooglechromeMatch33.0.1750.89
ORgooglechromeMatch33.0.1750.90
ORgooglechromeMatch33.0.1750.91
ORgooglechromeMatch33.0.1750.92
ORgooglechromeMatch33.0.1750.93
ORgooglechromeMatch33.0.1750.104
ORgooglechromeMatch33.0.1750.106
ORgooglechromeMatch33.0.1750.107
ORgooglechromeMatch33.0.1750.108
ORgooglechromeMatch33.0.1750.109
ORgooglechromeMatch33.0.1750.110
ORgooglechromeMatch33.0.1750.111
ORgooglechromeMatch33.0.1750.112
ORgooglechromeMatch33.0.1750.113
ORgooglechromeMatch33.0.1750.115
ORgooglechromeMatch33.0.1750.116
ORgooglechromeMatch33.0.1750.117
ORgooglechromeMatch33.0.1750.124
ORgooglechromeMatch33.0.1750.125
ORgooglechromeMatch33.0.1750.126
ORgooglechromeMatch33.0.1750.132
ORgooglechromeMatch33.0.1750.133
ORgooglechromeMatch33.0.1750.135
ORgooglechromeMatch33.0.1750.136
Related
prion
prion
Cross site scripting
2014-03-05 05:11:00
cve
cve
CVE-2013-6666
2014-03-05 05:11:22
ubuntucve
ubuntucve
CVE-2013-6666
2014-03-05 00:00:00
cvelist
cvelist
CVE-2013-6666
2014-03-05 02:00:00
debiancve
debiancve
CVE-2013-6666
2014-03-05 05:11:00
threatpost
threatpost
Google Fixes Nearly 20 Bugs in Chrome 33
2014-03-04 10:55:03
openvas
openvas
Google Chrome Multiple Vulnerabilities-01 (Mar 2014) - Windows
2014-03-13 00:00:00
Google Chrome Multiple Vulnerabilities-01 (Mar 2014) - Mac OS X
2014-03-13 00:00:00
Google Chrome Multiple Vulnerabilities-01 (Mar 2014) - Linux
2014-03-13 00:00:00
nessus
nessus
Google Chrome < 33.0.1750.146 Multiple Vulnerabilities
2014-03-04 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (b4023753-a4ba-11e3-bec2-00262d5ed8ee)
2014-03-06 00:00:00
Google Chrome < 33.0.1750.146 Multiple Vulnerabilities (Mac OS X)
2014-03-04 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-03-03 00:00:00
seebug
seebug
Google Chrome 33.0.1750.146之前版本多个安全漏洞
2014-03-05 00:00:00
chrome
chrome
Stable Channel Update
2014-03-03 00:00:00
mageia
mageia
Updated chromium-browser-stable package fixes security vulnerabilities
2014-03-07 01:52:06
securityvulns
securityvulns
Chromium / Google Chrome multiple security vulnerabilities
2014-03-27 00:00:00
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-25 00:00:00
debian
debian
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
osv
osv
chromium-browser - security update
2014-03-23 00:00:00
gentoo
gentoo
Chromium, V8: Multiple vulnerabilities
2014-03-05 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6
Confidence
Low
EPSS
0.004
Percentile
72.4%
Related for NVD:CVE-2013-6666