Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-0757

Опубликовано: 08 янв. 2013
Источник: redhat
CVSS2: 6.8
EPSS Высокий

Описание

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.proto in a crafted HTML document.

Отчет

Not Vulnerable. This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
https://bugzilla.redhat.com/show_bug.cgi?id=892147Mozilla: Chrome Object Wrapper (COW) bypass through changing prototype (MFSA 2013-14)

EPSS

Процентиль: 99%
0.74572
Высокий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-0757

ubuntu
около 13 лет назад

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.

nvd логотип

CVE-2013-0757

nvd
около 13 лет назад

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.

debian логотип

CVE-2013-0757

debian
около 13 лет назад

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...

github логотип

GHSA-vw2x-fj5h-mmwq

github
больше 3 лет назад

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.

EPSS

Процентиль: 99%
0.74572
Высокий

6.8 Medium

CVSS2