CVE-2013-1695

critical

Description

Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16433

https://bugzilla.mozilla.org/show_bug.cgi?id=849791

http://www.ubuntu.com/usn/USN-1890-1

http://www.mozilla.org/security/announce/2013/mfsa2013-57.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html

Details

Source: Mitre, NVD

Published: 2013-06-26

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical