A vulnerability in the implementation of the crypto.generateCRMFRequest javascript method allows command execution when a user opens a specially crafted page in Firefox.

Resolution

Upgrade to Firefox 23.0 or higher.

References

<https://www.mozilla.org/security/announce/2013/mfsa2013-69.html>

Limitations

Exploit works on Firefox 15.0 through 22.0 and requires a user to load the exploit page in Firefox.

Platforms

Windows
Linux
Mac OS X

saint 3

ubuntucve 1

mozilla 1

cve 1

openvas 54

prion 1

seebug 3

metasploit 2

zdt 2

packetstorm 2

checkpoint_advisories 1

exploitdb 2

nessus 33

redhat 2

debian 2

ubuntu 3

mageia 2

veracode 5

osv 2

centos 2

oraclelinux 2

suse 6

ibm 2

freebsd 1

securityvulns 1

gentoo 1

saint

Firefox crypto.generateCRMFRequest command execution

2014-08-21 00:00:00

Firefox crypto.generateCRMFRequest command execution

2014-08-21 00:00:00

Firefox crypto.generateCRMFRequest command execution

2014-08-21 00:00:00

ubuntucve

CVE-2013-1710

2013-08-06 00:00:00

mozilla

CRMF requests allow for code execution and XSS attacks — Mozilla

2013-08-06 00:00:00

cve

CVE-2013-1710

2013-08-07 01:55:00

openvas

Mozilla Firefox Security Advisory (MFSA2013-69) - Linux

2021-11-11 00:00:00

CentOS Update for firefox CESA-2013:1140 centos5

2013-08-08 00:00:00

Mageia: Security Advisory (MGASA-2013-0248)

2022-01-28 00:00:00

prion

Cross site scripting

2013-08-07 01:55:00

seebug

Mozilla Firefox/SeaMonkey/Thunderbird CRMF请求生成跨站脚本漏洞

2013-12-25 00:00:00

Firefox toString console.time Privileged Javascript Injection

2014-08-20 00:00:00

Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution

2014-07-01 00:00:00

metasploit

Firefox toString console.time Privileged Javascript Injection

2014-08-15 20:17:37

Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution

2013-12-18 20:31:42

zdt

Firefox toString console.time Privileged Javascript Injection Exploit

2014-08-18 00:00:00

Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution Vulnerability

2013-12-24 00:00:00

packetstorm

Firefox toString console.time Privileged Javascript Injection

2014-08-18 00:00:00

Firefox 15.0.1 Code Execution

2013-12-23 00:00:00

checkpoint_advisories

Mozilla Firefox generateCRMFRequest Remote Code Execution (CVE-2012-3993; CVE-2013-1710)

2014-04-30 00:00:00

exploitdb

Mozilla Firefox - toString console.time Privileged JavaScript Injection (Metasploit)

2014-08-19 00:00:00

Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)

2013-08-06 00:00:00

nessus

Thunderbird ESR 17.x < 17.0.8 Multiple Vulnerabilities (Mac OS X)

2013-08-08 00:00:00

RHEL 5 / 6 : thunderbird (RHSA-2013:1142)

2013-08-08 00:00:00

Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130807)

2013-08-08 00:00:00

redhat

(RHSA-2013:1140) Critical: firefox security update

2013-08-07 00:00:00

(RHSA-2013:1142) Important: thunderbird security update

2013-08-07 00:00:00

debian

[SECURITY] [DSA 2746-1] icedove security update

2013-08-29 17:36:35

[SECURITY] [DSA 2735-1] iceweasel security update

2013-08-07 14:14:34

ubuntu

Thunderbird vulnerabilities

2013-08-07 00:00:00

Firefox vulnerabilities

2013-08-06 00:00:00

Ubufox and Unity Firefox Extension update

2013-08-06 00:00:00

mageia

Updated firefox and thunderbird packages fix security vulnerabilities

2013-08-12 17:54:58

Updated iceape packages fix many vulnerabilities

2013-11-21 00:16:49

veracode

Information Disclosure

2019-05-02 04:48:22

Cross Site Scripting (XSS)

2019-05-02 04:48:19

Cross Site Scripting (XSS)

2019-05-02 04:48:20

osv

iceweasel - several

2013-08-07 00:00:00

icedove - several

2013-08-29 00:00:00

centos

thunderbird security update

2013-08-07 20:14:12

firefox, xulrunner security update

2013-08-07 11:33:09

oraclelinux

firefox security update

2013-08-07 00:00:00

thunderbird security update

2013-08-07 00:00:00

suse

Security update for Mozilla Firefox (important)

2013-08-27 08:04:16

Security update for Mozilla Firefox (important)

2013-08-14 00:04:15

Security update for Mozilla Firefox (important)

2013-08-23 05:04:11

ibm

Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.

2022-09-26 04:23:14

Security Bulletin: IBM Scale Out Network Attached Storage V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.

2022-09-26 04:23:14

freebsd

mozilla -- multiple vulnerabilities

2013-08-06 00:00:00

securityvulns

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

2013-08-12 00:00:00

gentoo

Mozilla Products: Multiple vulnerabilities

2013-09-27 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.93 High

EPSS

Percentile

99.0%

JSON

Related for SAINT:E0DFC76FC72E1FF974EB802FE28459E6