CVE-2013-1699

MEDIUM

Description

The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters.

References

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html

http://www.mozilla.org/security/announce/2013/mfsa2013-61.html

http://www.ubuntu.com/usn/USN-1890-1

https://bugzilla.mozilla.org/show_bug.cgi?id=840882

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17296

Details

Source: MITRE

Published: 2013-06-26

Updated: 2017-09-19

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
75081openSUSE Security Update : seamonkey (openSUSE-SU-2013:1180-1)NessusSuSE Local Security Checks
critical
75073openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1142-1)NessusSuSE Local Security Checks
critical
67186Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox regression (USN-1890-2)NessusUbuntu Local Security Checks
critical
801326Mozilla Thunderbird < 17.0.7 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
6894Mozilla Thunderbird < 17.0.7 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
67000Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)NessusUbuntu Local Security Checks
critical
66999FreeBSD : mozilla -- multiple vulnerabilities (b3fcb387-de4b-11e2-b1c6-0025905a4771)NessusFreeBSD Local Security Checks
critical
801353Mozilla Firefox < 22.0 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6886Mozilla Firefox < 22.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
66994Mozilla Thunderbird < 17.0.7 Multiple VulnerabilitiesNessusWindows
critical
66993Firefox < 22.0 Multiple VulnerabilitiesNessusWindows
critical
66990Thunderbird < 17.0.7 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
66989Firefox < 22.0 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical