CVE-2013-1695

medium

Description

Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.

References

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html

http://www.mozilla.org/security/announce/2013/mfsa2013-57.html

http://www.ubuntu.com/usn/USN-1890-1

https://bugzilla.mozilla.org/show_bug.cgi?id=849791

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16433

Details

Source: MITRE

Published: 2013-06-26

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM