Lucene search
Mozilla FoundationMFSA2013-25HistoryFeb 19, 2013 - 12:00 a.m.
Privacy leak in JavaScript Workers — Mozilla
2013-02-1900:00:00
Mozilla Foundation
www.mozilla.org
19
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
74.7%
Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack.
Affected configurations
Node
mozillafirefoxRange<19
ORmozillafirefox_esrRange<17.0.3
ORmozillaseamonkeyRange<2.16
ORmozillathunderbirdRange<17.0.3
ORmozillathunderbird_esrRange<17.0.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 19 | |
| firefox esr | lt | 17.0.3 | |
| seamonkey | lt | 2.16 | |
| thunderbird | lt | 17.0.3 | |
| thunderbird esr | lt | 17.0.3 |
Related
nvd
nvd
CVE-2013-0774
2013-02-19 23:55:01
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-25) - Linux
2021-11-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0410-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0471-1)
2021-06-09 00:00:00
cve
cve
CVE-2013-0774
2013-02-19 23:55:01
prion
prion
Input validation
2013-02-19 23:55:00
ubuntucve
ubuntucve
CVE-2013-0774
2013-02-20 00:00:00
cvelist
cvelist
CVE-2013-0774
2013-02-19 23:00:00
nessus
nessus
Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)
2013-02-20 00:00:00
Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities
2013-02-20 00:00:00
Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)
2013-02-20 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-02-19 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-03-08 22:04:48
Security update for Mozilla Firefox (important)
2013-03-15 19:04:45
Mozilla: February 2013 update round (Firefox 19) (important)
2013-02-22 14:04:25
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-02-25 00:00:00
Firefox vulnerabilities
2013-02-20 00:00:00
Firefox regression
2013-03-01 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-02-24 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
74.7%
Related for MFSA2013-25