CVE-2013-0795

General

Score: 10.0/10.0
Severity: High
Category: Access Control Error

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2012-1942, CVE-2013-0773, CVE-2013-0775, CVE-2013-0776, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783, CVE-2013-0787, CVE-2013-0788, CVE-2013-0789, CVE-2013-0790, CVE-2013-0791, CVE-2013-0792, CVE-2013-0793, CVE-2013-0794, CVE-2013-0796, CVE-2013-0797, CVE-2013-0798, CVE-2013-0799, CVE-2013-0800, CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1671, CVE-2013-1672, CVE-2013-1673, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697

Published on 03/04/13 - Updated on 19/09/17

Description

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability Database CVE-2013-0795
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2013-AVI-214, CERTA-2013-AVI-215
CentOS CESA-2013:0696, CESA-2013:0697
Debian DSA-2699-1, DSA-2720-1
Mozilla MFSA2013-36
Red Hat RHSA-2013:0696, RHSA-2013:0697
SUSE SUSE-SU-2013:0645, SUSE-SU-2013:0842, SUSE-SU-2013:0850, SUSE-SU-2013:1152
Ubuntu USN-1786-1, USN-1786-2, USN-1791-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor Product
mozilla firefox
mozilla firefox_esr
mozilla seamonkey
mozilla thunderbird
mozilla thunderbird_esr
