CVE-2013-0774

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=827193	Exploit Issue Tracking Patch Vendor Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-25.html	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html	Mailing List Third Party Advisory
http://www.ubuntu.com/usn/USN-1729-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1748-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1729-2	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html	Mailing List Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16797	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird_esr::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

Information

Published : 2013-02-19 15:55

Updated : 2020-08-06 09:40

NVD link : CVE-2013-0774

Mitre link : CVE-2013-0774

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

mozilla

firefox_esr
thunderbird
firefox
seamonkey
thunderbird_esr

canonical

ubuntu_linux

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=827193", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=827193", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-25.html", "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-25.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html", "name": "openSUSE-SU-2013:0324", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/USN-1729-1", "name": "USN-1729-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/USN-1748-1", "name": "USN-1748-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/USN-1729-2", "name": "USN-1729-2", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html", "name": "openSUSE-SU-2013:0323", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16797", "name": "oval:org.mitre.oval:def:16797", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-0774", "ASSIGNER": "security@mozilla.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2013-02-19T23:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "19.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "17.0.3"}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.16"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "17.0.3"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "17.0.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-08-06T16:40Z"}