Vulnerability CVE-2013-1717
Published: 2013-08-06   Modified: 2013-08-07

Description:
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.4/10
6.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
VENDOR -> PRODUCT 
Mozilla -> Seamonkey 
Mozilla -> Firefox 
Mozilla -> Thunderbird esr 
Mozilla -> Firefox esr 
Mozilla -> Thunderbird 

 References:
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:18367
http://www.debian.org/security/2013/dsa-2735
http://www.debian.org/security/2013/dsa-2746
http://www.mozilla.org/security/announce/2013/mfsa2013-75.html
http://www.securityfocus.com/bid/61896
https://bugzilla.mozilla.org/show_bug.cgi?id=406541
Copyright 2024, cxsecurity.com

 

Back to Top