Vulnerability Details: CVE-2013-0765
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2013-0765
Probability of exploitation activity in the next 30 days: 1.02%
Percentile, the proportion of vulnerabilities that are scored at or less: ~82%
CVSS scores for CVE-2013-0765
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
References for CVE-2013-0765
- http://www.mozilla.org/security/announce/2013/mfsa2013-23.html
  Wrapped WebIDL objects can be wrapped again — Mozilla (Third Party Advisory; Vendor Advisory)
- http://www.ubuntu.com/usn/USN-1729-2
  USN-1729-2: Firefox regression | Ubuntu security notices (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17097
  Repository / Oval Repository (Third Party Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=830614
  830614 - (CVE-2013-0765) Wrapping a WebIDL object should beware WrapNativeParent reentering itself (Issue Tracking; Patch; Vendor Advisory)
- http://www.ubuntu.com/usn/USN-1729-1
  USN-1729-1: Firefox vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
  openSUSE-SU-2013:0324-1: moderate: Mozilla Februarys (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
  [security-announce] openSUSE-SU-2013:0323-1: important: Mozilla: Februar (Mailing List; Third Party Advisory)
Products affected by CVE-2013-0765
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*