CVE-2013-1698

2013-06-2603:19:10

CWE-264

mozilla

web.nvd.nist.gov

mozilla firefox

getusermedia

permission

vulnerability

remote attackers

crafted web site

iframe elements

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

74.9%

JSON

The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements.

Affected configurations

Nvd

Node

mozillafirefoxRange≤21.0

mozillafirefoxMatch19.0

mozillafirefoxMatch19.0.1

mozillafirefoxMatch19.0.2

mozillafirefoxMatch20.0

mozillafirefoxMatch20.0.1

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox19.0cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
mozillafirefox19.0.1cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
mozillafirefox19.0.2cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
mozillafirefox20.0cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
mozillafirefox20.0.1cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	19.0	cpe:2.3:a:mozilla:firefox:19.0:::::::*
mozilla	firefox	19.0.1	cpe:2.3:a:mozilla:firefox:19.0.1:::::::*
mozilla	firefox	19.0.2	cpe:2.3:a:mozilla:firefox:19.0.2:::::::*
mozilla	firefox	20.0	cpe:2.3:a:mozilla:firefox:20.0:::::::*
mozilla	firefox	20.0.1	cpe:2.3:a:mozilla:firefox:20.0.1:::::::*