Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2013-1692

Опубликовано: 26 июн. 2013
Источник: debian
EPSS Низкий

Описание

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
iceweaselfixed17.0.7esr-1package
iceweaselend-of-lifesqueezepackage
icedovefixed17.0.7-1package
icedoveend-of-lifesqueezepackage
iceaperemovedpackage
iceapeend-of-lifesqueezepackage
iceapeend-of-lifewheezypackage

EPSS

Процентиль: 72%
0.00728
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2013-1692

ubuntu
около 12 лет назад

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

redhat логотип

CVE-2013-1692

redhat
около 12 лет назад

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

nvd логотип

CVE-2013-1692

nvd
около 12 лет назад

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

github логотип

GHSA-6wqq-ghxp-r688

github
больше 3 лет назад

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

oracle-oval логотип

ELSA-2013-0982

oracle-oval
около 12 лет назад

ELSA-2013-0982: thunderbird security update (IMPORTANT)

EPSS

Процентиль: 72%
0.00728
Низкий