Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-1737

Опубликовано: 17 сент. 2013
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5thunderbirdAffected
Red Hat Enterprise Linux 5thunderbirdFixedRHSA-2013:126917.09.2013
Red Hat Enterprise Linux 5firefoxFixedRHSA-2013:126817.09.2013
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2013:126817.09.2013
Red Hat Enterprise Linux 6firefoxFixedRHSA-2013:126817.09.2013
Red Hat Enterprise Linux 6xulrunnerFixedRHSA-2013:126817.09.2013
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2013:126917.09.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1009041Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91)

EPSS

Процентиль: 61%
0.00418
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-1737

ubuntu
почти 12 лет назад

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.

nvd логотип

CVE-2013-1737

nvd
почти 12 лет назад

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.

debian логотип

CVE-2013-1737

debian
почти 12 лет назад

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbi ...

github логотип

GHSA-cmgg-ggj8-p45q

github
больше 3 лет назад

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.

oracle-oval логотип

ELSA-2013-1269

oracle-oval
почти 12 лет назад

ELSA-2013-1269: thunderbird security update (IMPORTANT)

EPSS

Процентиль: 61%
0.00418
Низкий

4.3 Medium

CVSS2