Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances.

Affected configurations

Vulners

Node

mozillafirefoxRange<23

mozillafirefox_esrRange<17.0.8

mozillaseamonkeyRange<2.20

mozillathunderbirdRange<17.0.8

mozillathunderbird_esrRange<17.0.8

CPENameOperatorVersion
firefoxlt23
firefox esrlt17.0.8
seamonkeylt2.20
thunderbirdlt17.0.8
thunderbird esrlt17.0.8

Name	Operator	Version
firefox	lt	23
firefox esr	lt	17.0.8
seamonkey	lt	2.20
thunderbird	lt	17.0.8
thunderbird esr	lt	17.0.8

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710

bugzilla.mozilla.org/show_bug.cgi?id=871368

saint 4

nvd 1

prion 1

cve 1

openvas 54

cvelist 1

ubuntucve 1

metasploit 2

seebug 3

checkpoint_advisories 1

zdt 2

packetstorm 2

exploitdb 2

redhat 2

nessus 33

debian 2

mageia 2

ubuntu 3

veracode 5

centos 2

osv 2

oraclelinux 2

suse 6

ibm 2

freebsd 1

securityvulns 1

gentoo 1

saint

Firefox crypto.generateCRMFRequest command execution

2014-08-21 00:00:00

Firefox crypto.generateCRMFRequest command execution

2014-08-21 00:00:00

Firefox crypto.generateCRMFRequest command execution

2014-08-21 00:00:00

nvd

CVE-2013-1710

2013-08-07 01:55:04

prion

Cross site scripting

2013-08-07 01:55:00

cve

CVE-2013-1710

2013-08-07 01:55:04

openvas

Mozilla Firefox Security Advisory (MFSA2013-69) - Linux

2021-11-11 00:00:00

Oracle: Security Advisory (ELSA-2013-1142)

2015-10-06 00:00:00

CentOS Update for firefox CESA-2013:1140 centos5

2013-08-08 00:00:00

cvelist

CVE-2013-1710

2013-08-07 01:00:00

ubuntucve

CVE-2013-1710

2013-08-06 00:00:00

metasploit

Firefox toString console.time Privileged Javascript Injection

2014-08-15 20:17:37

Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution

2013-12-18 20:31:42

seebug

Mozilla Firefox/SeaMonkey/Thunderbird CRMF请求生成跨站脚本漏洞

2013-12-25 00:00:00

Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution

2014-07-01 00:00:00

Firefox toString console.time Privileged Javascript Injection

2014-08-20 00:00:00

checkpoint_advisories

Mozilla Firefox generateCRMFRequest Remote Code Execution (CVE-2012-3993; CVE-2013-1710)

2014-04-30 00:00:00

zdt

Firefox toString console.time Privileged Javascript Injection Exploit

2014-08-18 00:00:00

Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution Vulnerability

2013-12-24 00:00:00

packetstorm

Firefox 15.0.1 Code Execution

2013-12-23 00:00:00

Firefox toString console.time Privileged Javascript Injection

2014-08-18 00:00:00

exploitdb

Mozilla Firefox - toString console.time Privileged JavaScript Injection (Metasploit)

2014-08-19 00:00:00

Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)

2013-08-06 00:00:00

redhat

(RHSA-2013:1140) Critical: firefox security update

2013-08-07 00:00:00

(RHSA-2013:1142) Important: thunderbird security update

2013-08-07 00:00:00

nessus

CentOS 5 / 6 : thunderbird (CESA-2013:1142)

2013-08-08 00:00:00

Thunderbird ESR 17.x < 17.0.8 Multiple Vulnerabilities (Mac OS X)

2013-08-08 00:00:00

RHEL 5 / 6 : thunderbird (RHSA-2013:1142)

2013-08-08 00:00:00

debian

[SECURITY] [DSA 2746-1] icedove security update

2013-08-29 17:36:06

[SECURITY] [DSA 2735-1] iceweasel security update

2013-08-07 14:14:06

mageia

Updated firefox and thunderbird packages fix security vulnerabilities

2013-08-12 17:54:58

Updated iceape packages fix many vulnerabilities

2013-11-21 00:16:49

ubuntu

Thunderbird vulnerabilities

2013-08-07 00:00:00

Ubufox and Unity Firefox Extension update

2013-08-06 00:00:00

Firefox vulnerabilities

2013-08-06 00:00:00

veracode

Cross Site Scripting (XSS)

2019-05-02 04:48:19

Information Disclosure

2019-05-02 04:48:22

Cross-site Scripting (XSS)

2019-05-02 04:48:19

centos

thunderbird security update

2013-08-07 20:14:12

firefox, xulrunner security update

2013-08-07 11:33:09

osv

icedove - several

2013-08-29 00:00:00

iceweasel - several

2013-08-07 00:00:00

oraclelinux

thunderbird security update

2013-08-07 00:00:00

firefox security update

2013-08-07 00:00:00

suse

Security update for Mozilla Firefox (important)

2013-08-27 08:04:16

Security update for Mozilla Firefox (important)

2013-08-23 05:04:11

Security update for Mozilla Firefox (important)

2013-08-14 00:04:15

ibm

Security Bulletin: IBM Scale Out Network Attached Storage V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.

2022-09-26 04:23:14

Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for Multiple Vendor Security Vulnerabilities.

2022-09-26 04:23:14

freebsd

mozilla -- multiple vulnerabilities

2013-08-06 00:00:00

securityvulns

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

2013-08-12 00:00:00

gentoo

Mozilla Products: Multiple vulnerabilities

2013-09-27 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.927 High

EPSS

Percentile

99.0%

JSON

Related for MFSA2013-69