CVE-2013-0776

MEDIUM

Description

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.

References

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html

http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html

http://rhn.redhat.com/errata/RHSA-2013-0271.html

http://rhn.redhat.com/errata/RHSA-2013-0272.html

http://www.debian.org/security/2013/dsa-2699

http://www.mozilla.org/security/announce/2013/mfsa2013-27.html

http://www.ubuntu.com/usn/USN-1729-1

http://www.ubuntu.com/usn/USN-1729-2

http://www.ubuntu.com/usn/USN-1748-1

https://bugzilla.mozilla.org/show_bug.cgi?id=796475

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16666

Details

Source: MITRE

Published: 2013-02-19

Updated: 2020-08-06

Type: CWE-295

Risk Information

CVSS v2.0

Base Score: 4

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 4.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_aus:5.9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Tenable Plugins

View all (32 total)

IDNameProductFamilySeverity
74898openSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1)NessusSuSE Local Security Checks
critical
70183GLSA-201309-23 : Mozilla Products: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
68733Oracle Linux 6 : thunderbird (ELSA-2013-0272)NessusOracle Linux Local Security Checks
high
68732Oracle Linux 5 / 6 : firefox (ELSA-2013-0271)NessusOracle Linux Local Security Checks
high
66766Debian DSA-2699-1 : iceweasel - several vulnerabilitiesNessusDebian Local Security Checks
critical
65598SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8506)NessusSuSE Local Security Checks
critical
65175SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7447)NessusSuSE Local Security Checks
critical
64967Ubuntu 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1729-2)NessusUbuntu Local Security Checks
critical
64892Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1748-1)NessusUbuntu Local Security Checks
critical
801258Mozilla SeaMonkey < 2.16 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6693SeaMonkey < 2.16 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
64779Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130219)NessusScientific Linux Local Security Checks
critical
64777Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130219)NessusScientific Linux Local Security Checks
critical
64729CentOS 5 / 6 : thunderbird (CESA-2013:0272)NessusCentOS Local Security Checks
high
801245Mozilla Thunderbird 17.x < 17.0.3 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801233Mozilla Firefox 18.x <= 18 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6692Mozilla Thunderbird < 17.0.3 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6691Mozilla Firefox < 19.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
64726SeaMonkey < 2.16 Multiple VulnerabilitiesNessusWindows
critical
64725Mozilla Thunderbird ESR 17.x < 17.0.3 Multiple VulnerabilitiesNessusWindows
critical
64724Mozilla Thunderbird < 17.0.3 Multiple VulnerabilitiesNessusWindows
critical
64723Firefox < 19.0 Multiple VulnerabilitiesNessusWindows
critical
64722Firefox ESR 17.x < 17.0.3 Multiple VulnerabilitiesNessusWindows
critical
64721Thunderbird ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
64720Thunderbird < 17.0.3 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
64719Firefox 18.x Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
64718Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
64698Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1729-1)NessusUbuntu Local Security Checks
critical
64697RHEL 5 / 6 : thunderbird (RHSA-2013:0272)NessusRed Hat Local Security Checks
high
64696RHEL 5 / 6 : firefox (RHSA-2013:0271)NessusRed Hat Local Security Checks
high
64693FreeBSD : mozilla -- multiple vulnerabilities (e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02)NessusFreeBSD Local Security Checks
high
64692CentOS 5 / 6 : devhelp / firefox / libproxy / xulrunner / yelp (CESA-2013:0271)NessusCentOS Local Security Checks
high