CVE-2013-1697 in Firefoxinfo

Zusammenfassung (Englisch)

The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservieren

13.02.2013

Veröffentlichung

25.06.2013

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
9283	Mozilla Firefox XrayWrappers defaultValue erweiterte Rechte	264	Nicht definiert	Offizieller Fix	CVE-2013-1697

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!