CVE-2013-0776

MEDIUM

Description

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.

References

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html

http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html

http://rhn.redhat.com/errata/RHSA-2013-0271.html

http://rhn.redhat.com/errata/RHSA-2013-0272.html

http://www.debian.org/security/2013/dsa-2699

http://www.mozilla.org/security/announce/2013/mfsa2013-27.html

http://www.ubuntu.com/usn/USN-1729-1

http://www.ubuntu.com/usn/USN-1729-2

http://www.ubuntu.com/usn/USN-1748-1

https://bugzilla.mozilla.org/show_bug.cgi?id=796475

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16666

Details

Source: MITRE

Published: 2013-02-19

Updated: 2020-08-06

Type: CWE-295

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 4.9

Severity: MEDIUM

Vulnerable Software

Tenable Plugins

View all (32 total)

ID	Name	Product	Family	Severity
74898	openSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1)	Nessus	SuSE Local Security Checks	critical
70183	GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
68733	Oracle Linux 6 : thunderbird (ELSA-2013-0272)	Nessus	Oracle Linux Local Security Checks	high
68732	Oracle Linux 5 / 6 : firefox (ELSA-2013-0271)	Nessus	Oracle Linux Local Security Checks	high
66766	Debian DSA-2699-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
65598	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8506)	Nessus	SuSE Local Security Checks	critical
65175	SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7447)	Nessus	SuSE Local Security Checks	critical
64967	Ubuntu 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1729-2)	Nessus	Ubuntu Local Security Checks	critical
64892	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1748-1)	Nessus	Ubuntu Local Security Checks	critical
801258	Mozilla SeaMonkey < 2.16 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6693	SeaMonkey < 2.16 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
64779	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130219)	Nessus	Scientific Linux Local Security Checks	critical
64777	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130219)	Nessus	Scientific Linux Local Security Checks	critical
64729	CentOS 5 / 6 : thunderbird (CESA-2013:0272)	Nessus	CentOS Local Security Checks	high
801245	Mozilla Thunderbird 17.x < 17.0.3 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801233	Mozilla Firefox 18.x <= 18 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
64726	SeaMonkey < 2.16 Multiple Vulnerabilities	Nessus	Windows	critical
64725	Mozilla Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities	Nessus	Windows	critical
64724	Mozilla Thunderbird < 17.0.3 Multiple Vulnerabilities	Nessus	Windows	critical
64723	Firefox < 19.0 Multiple Vulnerabilities	Nessus	Windows	critical
64722	Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities	Nessus	Windows	critical
64721	Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
64720	Thunderbird < 17.0.3 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
64719	Firefox 18.x Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
64718	Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
64698	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1729-1)	Nessus	Ubuntu Local Security Checks	critical
64697	RHEL 5 / 6 : thunderbird (RHSA-2013:0272)	Nessus	Red Hat Local Security Checks	high
64696	RHEL 5 / 6 : firefox (RHSA-2013:0271)	Nessus	Red Hat Local Security Checks	high
64693	FreeBSD : mozilla -- multiple vulnerabilities (e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02)	Nessus	FreeBSD Local Security Checks	high
64692	CentOS 5 / 6 : devhelp / firefox / libproxy / xulrunner / yelp (CESA-2013:0271)	Nessus	CentOS Local Security Checks	high
6692	Mozilla Thunderbird < 17.0.3 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6691	Mozilla Firefox < 19.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high