CVE-2013-0773
First published: Tue Feb 19 2013(Updated: )
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <17.0.3 | |
| Mozilla Firefox | <19.0 | |
| Mozilla SeaMonkey | <2.16 | |
| Mozilla Thunderbird | <17.0.3 | |
| Mozilla Thunderbird ESR | <17.0.3 | |
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| Debian GNU/Linux | =7.0 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =11.10 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| Mozilla Firefox ESR | <17.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
- http://www.debian.org/security/2013/dsa-2699
- http://www.mozilla.org/security/announce/2013/mfsa2013-24.html
- http://www.ubuntu.com/usn/USN-1729-1
- http://www.ubuntu.com/usn/USN-1729-2
- http://www.ubuntu.com/usn/USN-1748-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=809652
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16861
Frequently Asked Questions
What is the severity of CVE-2013-0773?
CVE-2013-0773 is classified as a moderate severity vulnerability.
How do I fix CVE-2013-0773?
To fix CVE-2013-0773, update your browser or email client to the latest version available that addresses this vulnerability.
Which versions of software are affected by CVE-2013-0773?
CVE-2013-0773 affects Mozilla Firefox versions prior to 19.0, Firefox ESR versions prior to 17.0.3, Thunderbird versions prior to 17.0.3, and other related software like SeaMonkey.
What type of vulnerability is CVE-2013-0773?
CVE-2013-0773 is a prototype pollution vulnerability that can allow remote attackers to modify the prototype.
Can CVE-2013-0773 be exploited remotely?
Yes, CVE-2013-0773 can be exploited remotely, allowing attackers to potentially manipulate the behavior of affected applications.
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- canonical/mozilla thunderbird esr
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/11.10
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- canonical/mozilla firefox esr