Firefox crypto.generateCRMFRequest command execution

2014-08-21T00:00:00
ID SAINT:417B7745BC680DB5735ED5B5A6B1B30F
Type saint
Reporter SAINT Corporation
Modified 2014-08-21T00:00:00

Description

Added: 08/21/2014
CVE: CVE-2013-1710
BID: 61900
OSVDB: 96019

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

A vulnerability in the implementation of the crypto.generateCRMFRequest javascript method allows command execution when a user opens a specially crafted page in Firefox.

Resolution

Upgrade to Firefox 23.0 or higher.

References

<https://www.mozilla.org/security/announce/2013/mfsa2013-69.html>

Limitations

Exploit works on Firefox 15.0 through 22.0 and requires a user to load the exploit page in Firefox.

Platforms

Windows
Linux
Mac OS X