CVE-2013-6636

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Input Validation Error

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2013-6634, CVE-2013-6635, CVE-2013-6637, CVE-2013-6638, CVE-2013-6639, CVE-2013-6640, CVE-2014-1681

Published on 07/12/13 - Updated on 06/03/14

Description

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2013-6636
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2013-AVI-654
Debian DSA-2811-1
Renater 2013/VULN533

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
googlechrome

Share this vulnerability with:

Twitter Facebook LinkedIn Mail