Your submission was sent successfully! Close

CVE-2013-1670

Published: 14 May 2013

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (21.0+build1-0ubuntu0.12.04.3)
quantal
Released (21.0+build1-0ubuntu0.12.10.2)
raring
Released (21.0+build1-0ubuntu0.12.04.2)
upstream
Released (21.0)
seamonkey
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

thunderbird
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (17.0.6+build1-0ubuntu0.12.04.1)
quantal
Released (17.0.6+build1-0ubuntu0.12.10.1)
raring
Released (17.0.6+build1-0ubuntu0.13.04.1)
upstream
Released (17.0.6)
xulrunner-1.9.2
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage