Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
http://www.mozilla.org/security/announce/2013/mfsa2013-58.html
http://www.ubuntu.com/usn/USN-1890-1
https://bugzilla.mozilla.org/show_bug.cgi?id=761667
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16992
OR
cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 21.0 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
75081 | openSUSE Security Update : seamonkey (openSUSE-SU-2013:1180-1) | Nessus | SuSE Local Security Checks | critical |
75073 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1142-1) | Nessus | SuSE Local Security Checks | critical |
67186 | Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox regression (USN-1890-2) | Nessus | Ubuntu Local Security Checks | critical |
801326 | Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
6894 | Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
67000 | Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1) | Nessus | Ubuntu Local Security Checks | critical |
66999 | FreeBSD : mozilla -- multiple vulnerabilities (b3fcb387-de4b-11e2-b1c6-0025905a4771) | Nessus | FreeBSD Local Security Checks | critical |
801353 | Mozilla Firefox < 22.0 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
6886 | Mozilla Firefox < 22.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
66994 | Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities | Nessus | Windows | critical |
66993 | Firefox < 22.0 Multiple Vulnerabilities | Nessus | Windows | critical |
66990 | Thunderbird < 17.0.7 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
66989 | Firefox < 22.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |