Home > Vulnerability Database > CVE-2013-1670

Mend.io Vulnerability Database

CVE-2013-1670

Date: May 16, 2013

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.

Severity Score

3.7

Related Resources (21)

Url: http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-1670

Url: http://www.ubuntu.com/usn/USN-1823-1

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:165

Url: http://www.ubuntu.com/usn/USN-1822-1

Url: http://www.osvdb.org/93427

Url: http://www.debian.org/security/2013/dsa-2699

Url: http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17046

Url: http://www.exploit-db.com/exploits/34363

Url: http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html

Url: http://rhn.redhat.com/errata/RHSA-2013-0821.html

Url: https://access.redhat.com/security/cve/CVE-2013-1670

Url: http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html

Url: http://www.mozilla.org/security/announce/2013/mfsa2013-42.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=853709

Url: http://www.securityfocus.com/bid/59865

Url: http://rhn.redhat.com/errata/RHSA-2013-0820.html

Url: http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1670

Url: https://www.mend.io/vulnerability-database/CVE-2013-1670

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-1670

Date: May 16, 2013

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?