4.3

CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 26.0
MozillaSeamonkey Version < 2.23
FedoraprojectFedora Version19
FedoraprojectFedora Version20
OracleSolaris Version11.3
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
CanonicalUbuntu Linux Version13.10
RedhatEnterprise Linux Eus Version6.5
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
SuseLinux Enterprise Desktop Version11 Updatesp3
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp3 SwPlatformvmware
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.512
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

http://www.securitytracker.com/id/1029470
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1029476
Third Party Advisory
VDB Entry