CVE-2013-1687

2013-06-2500:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.2%

JSON

The System Only Wrapper (SOW) and Chrome Object Wrapper (COW)
implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before
17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7
do not properly restrict XBL user-defined functions, which allows remote
attackers to execute arbitrary JavaScript code with chrome privileges, or
conduct cross-site scripting (XSS) attacks, via a crafted web site.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfirefox< 22.0+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchfirefox< 22.0+build1-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchfirefox< 22.0+build1-0ubuntu0.13.04.1UNKNOWN
ubuntu12.04noarchthunderbird< 17.0.7+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchthunderbird< 17.0.7+build1-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchthunderbird< 17.0.7+build1-0ubuntu0.13.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	firefox	< 22.0+build1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	firefox	< 22.0+build1-0ubuntu0.12.10.1	UNKNOWN
ubuntu	13.04	noarch	firefox	< 22.0+build1-0ubuntu0.13.04.1	UNKNOWN
ubuntu	12.04	noarch	thunderbird	< 17.0.7+build1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	thunderbird	< 17.0.7+build1-0ubuntu0.12.10.1	UNKNOWN
ubuntu	13.04	noarch	thunderbird	< 17.0.7+build1-0ubuntu0.13.04.1	UNKNOWN