CVE-2013-1692

MEDIUM

Description

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.

References

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html

http://rhn.redhat.com/errata/RHSA-2013-0981.html

http://rhn.redhat.com/errata/RHSA-2013-0982.html

http://www.debian.org/security/2013/dsa-2716

http://www.debian.org/security/2013/dsa-2720

http://www.mozilla.org/security/announce/2013/mfsa2013-54.html

http://www.securityfocus.com/bid/60783

http://www.ubuntu.com/usn/USN-1890-1

http://www.ubuntu.com/usn/USN-1891-1

https://bugzilla.mozilla.org/show_bug.cgi?id=866915

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17096

Details

Source: MITRE

Published: 2013-06-26

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
75081	openSUSE Security Update : seamonkey (openSUSE-SU-2013:1180-1)	Nessus	SuSE Local Security Checks	critical
75073	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1142-1)	Nessus	SuSE Local Security Checks	critical
75072	openSUSE Security Update : xulrunner (openSUSE-SU-2013:1143-1)	Nessus	SuSE Local Security Checks	critical
75071	openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1141-1)	Nessus	SuSE Local Security Checks	critical
70183	GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
68949	SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001)	Nessus	SuSE Local Security Checks	critical
68840	Oracle Linux 6 : thunderbird (ELSA-2013-0982)	Nessus	Oracle Linux Local Security Checks	critical
68839	Oracle Linux 5 / 6 : firefox (ELSA-2013-0981)	Nessus	Oracle Linux Local Security Checks	critical
67201	Debian DSA-2720-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
67198	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8636)	Nessus	SuSE Local Security Checks	critical
67195	SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7976)	Nessus	SuSE Local Security Checks	critical
67186	Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox regression (USN-1890-2)	Nessus	Ubuntu Local Security Checks	critical
67101	Debian DSA-2716-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
801326	Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
6894	Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
67001	Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1891-1)	Nessus	Ubuntu Local Security Checks	critical
67000	Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)	Nessus	Ubuntu Local Security Checks	critical
66999	FreeBSD : mozilla -- multiple vulnerabilities (b3fcb387-de4b-11e2-b1c6-0025905a4771)	Nessus	FreeBSD Local Security Checks	critical
66997	CentOS 5 / 6 : thunderbird (CESA-2013:0982)	Nessus	CentOS Local Security Checks	critical
66996	CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0981)	Nessus	CentOS Local Security Checks	critical
801353	Mozilla Firefox < 22.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
66995	Mozilla Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities	Nessus	Windows	critical
66994	Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities	Nessus	Windows	critical
66993	Firefox < 22.0 Multiple Vulnerabilities	Nessus	Windows	critical
66992	Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities	Nessus	Windows	critical
66991	Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
66990	Thunderbird < 17.0.7 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
66989	Firefox < 22.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
66988	Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
66984	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
66983	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
66980	RHEL 5 / 6 : thunderbird (RHSA-2013:0982)	Nessus	Red Hat Local Security Checks	critical
66979	RHEL 5 / 6 : firefox (RHSA-2013:0981)	Nessus	Red Hat Local Security Checks	critical
6886	Mozilla Firefox < 22.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical