CVE-2013-1711

Publication date 6 August 2013

Last updated 24 July 2024

Ubuntu priority

The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	13.04 raring	Fixed 23.0+build2-0ubuntu0.13.04.1
	12.10 quantal	Fixed 23.0+build2-0ubuntu0.12.10.1
	12.04 LTS precise	Fixed 23.0+build2-0ubuntu0.12.04.1
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1924-1
Firefox vulnerabilities
6 August 2013

Other references

http://www.mozilla.org/security/announce/2013/mfsa2013-70.html
https://www.cve.org/CVERecord?id=CVE-2013-1711