Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-1713 Same Origin Policy Security Bypass Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This could be used to steal sensitive information or launch other attacks.

These issues are fixed in:

Firefox 23.0
Firefox ESR 17.0.8
Thunderbird 17.0.8
Thunderbird ESR 17.0.8
Seamonkey 2.20

Note: This issue was previously discussed in BID 61641 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2013-63 through -75 Multiple Vulnerabilities), but has been moved to its own record for better documentation.


Privacy Statement
Copyright 2010, SecurityFocus