CVE-2013-1727

Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass

Severity Score

4.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.

Mozilla Firefox anterior a 24.0 en Android permite a atacantes evitar la Same Origin Policy, y por lo tanto realizar ataques de cross-site scripting (XSS) o obtener la contraseña o la información de las cookies, mediante el uso de un enlace simbólico en conjunción con un archivo: URL para un archivo local.

Firefox for Android versions prior to 24 suffer from a same-origin bypass vulnerability via symbolic links.

*Credits: N/A

CVSS Scores

NISTv2 4.0

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-13 CVE Reserved
2013-09-17 First Exploit
2013-09-18 CVE Published
2024-08-06 CVE Updated
2024-08-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (6)

URL	Tag	Source
https://bugzilla.mozilla.org/show_bug.cgi?id=782581	X_refsource_confirm

URL	Date	SRC
https://www.exploit-db.com/exploits/38766	2013-09-17

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html	2013-10-03
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html	2013-10-03
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html	2013-10-03
http://www.mozilla.org/security/announce/2013/mfsa2013-84.html	2013-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	<= 23.0.1 Search vendor "Mozilla" for product "Firefox" and version " <= 23.0.1"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	19.0 Search vendor "Mozilla" for product "Firefox" and version "19.0"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	19.0.1 Search vendor "Mozilla" for product "Firefox" and version "19.0.1"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	19.0.2 Search vendor "Mozilla" for product "Firefox" and version "19.0.2"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	20.0 Search vendor "Mozilla" for product "Firefox" and version "20.0"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	20.0.1 Search vendor "Mozilla" for product "Firefox" and version "20.0.1"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	21.0 Search vendor "Mozilla" for product "Firefox" and version "21.0"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	22.0 Search vendor "Mozilla" for product "Firefox" and version "22.0"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe
Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	23.0 Search vendor "Mozilla" for product "Firefox" and version "23.0"	-	Affected	in	Google Search vendor "Google"	Android Search vendor "Google" for product "Android"	*	-	Safe