CVE-2013-1711

2013-08-0600:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey
before 2.20 does not properly address the possibility of an XBL scope
bypass resulting from non-native arguments in XBL function calls, which
makes it easier for remote attackers to conduct cross-site scripting (XSS)
attacks by leveraging access to an unprivileged object.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfirefox< 23.0+build2-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchfirefox< 23.0+build2-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchfirefox< 23.0+build2-0ubuntu0.13.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	firefox	< 23.0+build2-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	firefox	< 23.0+build2-0ubuntu0.12.10.1	UNKNOWN
ubuntu	13.04	noarch	firefox	< 23.0+build2-0ubuntu0.13.04.1	UNKNOWN