CVE-2013-0794
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.8
Description
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | {"endIncluding":"19.0.2"} | |
| mozilla | firefox | 19.0 | |
| mozilla | firefox | 19.0.1 | |
| mozilla | seamonkey | {"endIncluding":"2.17"} | |
| mozilla | seamonkey | 2.0 | |
| mozilla | seamonkey | 2.0.1 | |
| mozilla | seamonkey | 2.0.2 | |
| mozilla | seamonkey | 2.0.3 | |
| mozilla | seamonkey | 2.0.4 | |
| mozilla | seamonkey | 2.0.5 | |
| mozilla | seamonkey | 2.0.6 | |
| mozilla | seamonkey | 2.0.7 | |
| mozilla | seamonkey | 2.0.8 | |
| mozilla | seamonkey | 2.0.9 | |
| mozilla | seamonkey | 2.0.10 | |
| mozilla | seamonkey | 2.0.11 | |
| mozilla | seamonkey | 2.0.12 | |
| mozilla | seamonkey | 2.0.13 | |
| mozilla | seamonkey | 2.0.14 | |
| mozilla | seamonkey | 2.1 | |
| mozilla | seamonkey | 2.2 | |
| mozilla | seamonkey | 2.3 | |
| mozilla | seamonkey | 2.3.1 | |
| mozilla | seamonkey | 2.3.2 | |
| mozilla | seamonkey | 2.3.3 | |
| mozilla | seamonkey | 2.4 | |
| mozilla | seamonkey | 2.4.1 | |
| mozilla | seamonkey | 2.5 | |
| mozilla | seamonkey | 2.6 | |
| mozilla | seamonkey | 2.6.1 | |
| mozilla | seamonkey | 2.7 | |
| mozilla | seamonkey | 2.7.1 | |
| mozilla | seamonkey | 2.7.2 | |
| mozilla | seamonkey | 2.8 | |
| mozilla | seamonkey | 2.9 | |
| mozilla | seamonkey | 2.9.1 | |
| mozilla | seamonkey | 2.10 | |
| mozilla | seamonkey | 2.10.1 | |
| mozilla | seamonkey | 2.11 | |
| mozilla | seamonkey | 2.12 | |
| mozilla | seamonkey | 2.12.1 | |
| mozilla | seamonkey | 2.13 | |
| mozilla | seamonkey | 2.13.1 | |
| mozilla | seamonkey | 2.13.2 | |
| mozilla | seamonkey | 2.14 | |
| mozilla | seamonkey | 2.15 | |
| mozilla | seamonkey | 2.15.1 | |
| mozilla | seamonkey | 2.15.2 | |
| mozilla | seamonkey | 2.16 | |
| mozilla | seamonkey | 2.16.1 | |
| mozilla | seamonkey | 2.16.2 | |
| mozilla | seamonkey | 2.17 | |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-37.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=626775
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17065
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-37.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=626775
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17065
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.