Vulnerabilities > CVE-2013-1670 - Permissions, Privileges, and Access Controls vulnerability in Mozilla products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
mozilla
CWE-264
nessus
exploit available

Summary

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.

Vulnerable Configurations

Part Description Count
Application
Mozilla
424

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Exploit-Db

descriptionFirefox toString console.time Privileged Javascript Injection. CVE-2013-1670. Remote exploits for multiple platform
fileexploits/multiple/remote/34363.rb
idEDB-ID:34363
last seen2016-02-03
modified2014-08-19
platformmultiple
port
published2014-08-19
reportermetasploit
sourcehttps://www.exploit-db.com/download/34363/
titleFirefox toString console.time Privileged Javascript Injection
typeremote

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FIREFOX-20130628-130702.NASL
    descriptionMozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security fixes. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-49) Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. (MFSA 2013-50) - Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITab le. (CVE-2013-1684) - Heap-use-after-free in nsIDocument::GetRootElement. (CVE-2013-1685) - Heap-use-after-free in mozilla::ResetDir. (CVE-2013-1686) - Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. (MFSA 2013-51 / CVE-2013-1687) - Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. (MFSA 2013-53 / CVE-2013-1690) - Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. (MFSA 2013-54 / CVE-2013-1692) - Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. (MFSA 2013-55 / CVE-2013-1693) - Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. (MFSA 2013-59 / CVE-2013-1697) - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-30) Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. (MFSA 2013-31 / CVE-2013-0800) - Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. (MFSA 2013-32 / CVE-2013-0799) - Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. (MFSA 2013-34 / CVE-2013-0797) - Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. (MFSA 2013-35 / CVE-2013-0796) - Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser
    last seen2020-06-05
    modified2013-07-18
    plugin id68949
    published2013-07-18
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/68949
    titleSuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1822-1.NASL
    descriptionMultiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0801, CVE-2013-1669) Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). An attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1670) It was discovered that the file input element could expose the full local path under certain conditions. An attacker could potentially exploit this to steal sensitive information. (CVE-2013-1671) A use-after-free was discovered when resizing video content whilst it is playing. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-1674) It was discovered that some DOMSVGZoomEvent functions could be used without being properly initialized, which could lead to information leakage. (CVE-2013-1675) Abhishek Arya discovered multiple memory safety issues in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66442
    published2013-05-15
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66442
    titleUbuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1822-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_21.NASL
    descriptionThe installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by multiple vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - An information leakage exists because the file input control has access to the full path. (CVE-2013-1671) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some
    last seen2020-06-01
    modified2020-06-02
    plugin id66476
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66476
    titleFirefox < 21.0 Multiple Vulnerabilities (Mac OS X)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_21.NASL
    descriptionThe installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - An information leakage exists because the file input control has access to the full path. (CVE-2013-1671) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some
    last seen2020-06-01
    modified2020-06-02
    plugin id66480
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66480
    titleFirefox < 21.0 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2720.NASL
    descriptionMultiple security issues have been found in Icedove, Debian
    last seen2020-03-17
    modified2013-07-07
    plugin id67201
    published2013-07-07
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67201
    titleDebian DSA-2720-1 : icedove - several vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1706_ESR.NASL
    descriptionThe installed version of Thunderbird ESR 17.x is earlier than 17.0.6 and is, therefore, potentially affected the following vulnerabilities: - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some
    last seen2020-06-01
    modified2020-06-02
    plugin id66482
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66482
    titleMozilla Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0821.NASL
    descriptionFrom Red Hat Security Advisory 2013:0821 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-07-12
    plugin id68821
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68821
    titleOracle Linux 6 : thunderbird (ELSA-2013-0821)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0821.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-05-15
    plugin id66430
    published2013-05-15
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66430
    titleCentOS 5 / 6 : thunderbird (CESA-2013:0821)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_17_0_6_ESR.NASL
    descriptionThe installed version of Thunderbird ESR 17.x is prior to 17.0.6 and is, therefore, potentially affected the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some
    last seen2020-06-01
    modified2020-06-02
    plugin id66478
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66478
    titleThunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0821.NASL
    descriptionAn updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-05-15
    plugin id66438
    published2013-05-15
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66438
    titleRHEL 5 / 6 : thunderbird (RHSA-2013:0821)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2699.NASL
    descriptionMultiple security issues have been found in Iceweasel, Debian
    last seen2020-03-17
    modified2013-06-03
    plugin id66766
    published2013-06-03
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66766
    titleDebian DSA-2699-1 : iceweasel - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0820.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-05-15
    plugin id66437
    published2013-05-15
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66437
    titleRHEL 5 / 6 : firefox (RHSA-2013:0820)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130514_FIREFOX_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2013-05-16
    plugin id66460
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66460
    titleScientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130514)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_4A1CA8A4BD8211E2B7A0D43D7E0C7C02.NASL
    descriptionThe Mozilla Project reports : MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries MFSA 2013-46 Use-after-free with video and onresize event MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent MFSA 2013-48 Memory corruption found using Address Sanitizer
    last seen2020-06-01
    modified2020-06-02
    plugin id66455
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66455
    titleFreeBSD : mozilla -- multiple vulnerabilities (4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-448.NASL
    descriptionMozilla xulrunner was updated to 17.0.6esr (bnc#819204) - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer
    last seen2020-06-05
    modified2014-06-13
    plugin id75014
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75014
    titleopenSUSE Security Update : xulrunner (openSUSE-SU-2013:0929-1)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1706.NASL
    descriptionThe installed version of Thunderbird 17.x is a version prior to 17.0.5 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some
    last seen2020-06-01
    modified2020-06-02
    plugin id66481
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66481
    titleMozilla Thunderbird 17.x < 17.0.5 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_17_0_6.NASL
    descriptionThe installed version of Thunderbird is earlier than 17.0.6 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some
    last seen2020-06-01
    modified2020-06-02
    plugin id66477
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66477
    titleThunderbird 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130514_THUNDERBIRD_ON_SL5_X.NASL
    descriptionSeveral flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen2020-03-18
    modified2013-05-16
    plugin id66461
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66461
    titleScientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130514)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-447.NASL
    descriptionMozillaThunderbird was updated to security update Thunderbird 17.0.6 (bnc#819204) : - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer
    last seen2020-06-05
    modified2014-06-13
    plugin id75013
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75013
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:0894-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70183
    published2013-09-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70183
    titleGLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_17_0_6_ESR.NASL
    descriptionThe installed version of Firefox ESR 17.x is earlier than 17.0.6 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some
    last seen2020-06-01
    modified2020-06-02
    plugin id66475
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66475
    titleFirefox ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0820.NASL
    descriptionUpdated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66429
    published2013-05-15
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66429
    titleCentOS 5 / 6 : firefox (CESA-2013:0820)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-438.NASL
    descriptionMozillaFirefox was updated to Firefox 21.0 (bnc#819204) - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor - MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer Changes in MozillaFirefox-branding-openSUSE : - modified file locations for Firefox 21 and above - added DuckDuckGo as search option (bnc#801121)
    last seen2020-06-05
    modified2014-06-13
    plugin id75009
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75009
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:0946-1)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1706_ESR.NASL
    descriptionThe installed version of Firefox ESR 17.x is earlier than 17.0.6, and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some
    last seen2020-06-01
    modified2020-06-02
    plugin id66479
    published2013-05-16
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66479
    titleFirefox ESR 17.x < 17.0.6 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1823-1.NASL
    descriptionMultiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0801, CVE-2013-1669) Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1670) A use-after-free was discovered when resizing video content whilst it is playing. If a user had scripting enabled, an attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1674) It was discovered that some DOMSVGZoomEvent functions could be used without being properly initialized, which could lead to information leakage. (CVE-2013-1675) Abhishek Arya discovered multiple memory safety issues in Thunderbird. If the user were tricked into opening a specially crafted message, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66443
    published2013-05-15
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66443
    titleUbuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1823-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0820.NASL
    descriptionFrom Red Hat Security Advisory 2013:0820 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2013-07-12
    plugin id68820
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68820
    titleOracle Linux 5 / 6 : firefox (ELSA-2013-0820)

Oval

accepted2014-10-06T04:02:30.748-04:00
classvulnerability
contributors
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox ESR is installed
    ovaloval:org.mitre.oval:def:22414
  • commentMozilla Thunderbird ESR is installed
    ovaloval:org.mitre.oval:def:22216
descriptionThe Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
familywindows
idoval:org.mitre.oval:def:17046
statusaccepted
submitted2013-05-13T10:26:26.748+04:00
titleThe Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
version31

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/127915/firefox_tostring_console_injection.rb.txt
idPACKETSTORM:127915
last seen2016-12-05
published2014-08-18
reportermoz_bug_r_a4
sourcehttps://packetstormsecurity.com/files/127915/Firefox-toString-console.time-Privileged-Javascript-Injection.html
titleFirefox toString console.time Privileged Javascript Injection

Redhat

advisories
  • rhsa
    idRHSA-2013:0820
  • rhsa
    idRHSA-2013:0821
rpms
  • firefox-0:17.0.6-1.el5_9
  • firefox-0:17.0.6-1.el6_4
  • firefox-debuginfo-0:17.0.6-1.el5_9
  • firefox-debuginfo-0:17.0.6-1.el6_4
  • xulrunner-0:17.0.6-1.el5_9
  • xulrunner-0:17.0.6-2.el6_4
  • xulrunner-debuginfo-0:17.0.6-1.el5_9
  • xulrunner-debuginfo-0:17.0.6-2.el6_4
  • xulrunner-devel-0:17.0.6-1.el5_9
  • xulrunner-devel-0:17.0.6-2.el6_4
  • thunderbird-0:17.0.6-1.el5_9
  • thunderbird-0:17.0.6-2.el6_4
  • thunderbird-debuginfo-0:17.0.6-1.el5_9
  • thunderbird-debuginfo-0:17.0.6-2.el6_4

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:87190
last seen2017-11-19
modified2014-08-20
published2014-08-20
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-87190
titleFirefox toString console.time Privileged Javascript Injection