Vulnerability Details : CVE-2013-0774
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.
Exploit prediction scoring system (EPSS) score for CVE-2013-0774
Probability of exploitation activity in the next 30 days: 0.43%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-0774
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2013-0774
-
https://bugzilla.mozilla.org/show_bug.cgi?id=827193
827193 - (CVE-2013-0774) disclosure of profile directory name in JavaScript variable visible to WorkersExploit;Issue Tracking;Patch;Vendor Advisory
-
http://www.ubuntu.com/usn/USN-1729-2
USN-1729-2: Firefox regression | Ubuntu security noticesThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16797
Repository / Oval RepositoryThird Party Advisory
-
http://www.mozilla.org/security/announce/2013/mfsa2013-25.html
Privacy leak in JavaScript Workers — MozillaVendor Advisory
-
http://www.ubuntu.com/usn/USN-1729-1
USN-1729-1: Firefox vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
openSUSE-SU-2013:0324-1: moderate: Mozilla FebruarysMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
[security-announce] openSUSE-SU-2013:0323-1: important: Mozilla: FebruarMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-1748-1
USN-1748-1: Thunderbird vulnerabilities | Ubuntu security noticesThird Party Advisory
Products affected by CVE-2013-0774
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*