Home > Vulnerability Database > CVE-2013-1713

Mend.io Vulnerability Database

CVE-2013-1713

Date: August 6, 2013

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site.

Severity Score

3.7

Related Resources (10)

Url: http://www.debian.org/security/2013/dsa-2746

Url: http://www.debian.org/security/2013/dsa-2735

Url: http://www.securityfocus.com/bid/61876

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-1713

Url: https://access.redhat.com/security/cve/CVE-2013-1713

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1713

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884

Url: http://www.mozilla.org/security/announce/2013/mfsa2013-72.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=887098

Url: https://www.mend.io/vulnerability-database/CVE-2013-1713

Severity Score

3.7

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-1713

Date: August 6, 2013

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?