CVE-2013-0757

HIGH

Description

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.

References

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html

http://www.mozilla.org/security/announce/2013/mfsa2013-14.html

http://www.ubuntu.com/usn/USN-1681-1

http://www.ubuntu.com/usn/USN-1681-2

http://www.ubuntu.com/usn/USN-1681-4

https://bugzilla.mozilla.org/show_bug.cgi?id=813901

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16939

Details

Source: MITRE

Published: 2013-01-13

Updated: 2020-08-11

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
83574 | SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1) | Nessus | SuSE Local Security Checks | critical
74918 | openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1) | Nessus | SuSE Local Security Checks | critical
70183 | GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
64480 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4) | Nessus | Ubuntu Local Security Checks | critical
64136 | SuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224) | Nessus | SuSE Local Security Checks | critical
63665 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3) | Nessus | Ubuntu Local Security Checks | critical
63626 | SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426) | Nessus | SuSE Local Security Checks | critical
801376 | Mozilla SeaMonkey 2.x <= 2.14 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
801345 | Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
801308 | Mozilla Thunderbird 17.x < 17.0.2 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high
800108 | Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
6670 | SeaMonkey 2.14.x < 2.15 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
6669 | Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high
6668 | Mozilla Firefox < 18.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
63554 | SeaMonkey < 2.15 Multiple Vulnerabilities | Nessus | Windows | critical
63553 | Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities | Nessus | Windows | critical
63551 | Firefox < 18.0 Multiple Vulnerabilities | Nessus | Windows | critical
63550 | Firefox ESR 17.x < 17.0.2 Multiple Vulnerabilities | Nessus | Windows | critical
63548 | Firefox 10.x < 10.0.12 Multiple Vulnerabilities | Nessus | Windows | critical
63547 | Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical
63545 | Firefox < 18.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical
63544 | Firefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical
63463 | FreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392) | Nessus | FreeBSD Local Security Checks | critical
63448 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2) | Nessus | Ubuntu Local Security Checks | critical
63447 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1) | Nessus | Ubuntu Local Security Checks | critical