CVE-2013-0765 : Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of We

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Published 2013-02-19 23:55:01

Updated 2020-08-06 16:02:11

Source Mozilla Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-0765

Probability of exploitation activity in the next 30 days: 1.02%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-0765

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2013-0765

http://www.mozilla.org/security/announce/2013/mfsa2013-23.html

Wrapped WebIDL objects can be wrapped again — Mozilla
Third Party Advisory;Vendor Advisory
http://www.ubuntu.com/usn/USN-1729-2

USN-1729-2: Firefox regression | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17097

Repository / Oval Repository
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=830614

830614 - (CVE-2013-0765) Wrapping a WebIDL object should beware WrapNativeParent reentering itself
Issue Tracking;Patch;Vendor Advisory
http://www.ubuntu.com/usn/USN-1729-1

USN-1729-1: Firefox vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html

openSUSE-SU-2013:0324-1: moderate: Mozilla Februarys
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html

[security-announce] openSUSE-SU-2013:0323-1: important: Mozilla: Februar
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2013-0765

Mozilla » Firefox
Versions before (<) 19.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions before (<) 2.16
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 11.10
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Opensuse » Opensuse » Version: 11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.2
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-0765

Exploit prediction scoring system (EPSS) score for CVE-2013-0765

CVSS scores for CVE-2013-0765

References for CVE-2013-0765

Products affected by CVE-2013-0765