Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-1692

Опубликовано: 25 июн. 2013
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5thunderbirdAffected
Red Hat Enterprise Linux 5thunderbirdFixedRHSA-2013:098225.06.2013
Red Hat Enterprise Linux 5firefoxFixedRHSA-2013:098125.06.2013
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2013:098125.06.2013
Red Hat Enterprise Linux 6firefoxFixedRHSA-2013:098125.06.2013
Red Hat Enterprise Linux 6xulrunnerFixedRHSA-2013:098125.06.2013
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2013:098225.06.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-352
https://bugzilla.redhat.com/show_bug.cgi?id=977603Mozilla: Data in the body of XHR HEAD requests leads to CSRF attacks (MFSA 2013-54)

EPSS

Процентиль: 72%
0.00728
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-1692

ubuntu
около 12 лет назад

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

nvd логотип

CVE-2013-1692

nvd
около 12 лет назад

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

debian логотип

CVE-2013-1692

debian
около 12 лет назад

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbi ...

github логотип

GHSA-6wqq-ghxp-r688

github
больше 3 лет назад

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

oracle-oval логотип

ELSA-2013-0982

oracle-oval
около 12 лет назад

ELSA-2013-0982: thunderbird security update (IMPORTANT)

EPSS

Процентиль: 72%
0.00728
Низкий

4.3 Medium

CVSS2