CVE-2013-0794
First published: Wed Apr 03 2013(Updated: )
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <=19.0.2 | |
| Firefox | =19.0 | |
| Firefox | =19.0.1 | |
| Mozilla SeaMonkey | <=2.17 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.0.6 | |
| Mozilla SeaMonkey | =2.0.7 | |
| Mozilla SeaMonkey | =2.0.8 | |
| Mozilla SeaMonkey | =2.0.9 | |
| Mozilla SeaMonkey | =2.0.10 | |
| Mozilla SeaMonkey | =2.0.11 | |
| Mozilla SeaMonkey | =2.0.12 | |
| Mozilla SeaMonkey | =2.0.13 | |
| Mozilla SeaMonkey | =2.0.14 | |
| Mozilla SeaMonkey | =2.1 | |
| Mozilla SeaMonkey | =2.1-alpha1 | |
| Mozilla SeaMonkey | =2.1-alpha2 | |
| Mozilla SeaMonkey | =2.1-alpha3 | |
| Mozilla SeaMonkey | =2.1-beta1 | |
| Mozilla SeaMonkey | =2.1-beta2 | |
| Mozilla SeaMonkey | =2.1-beta3 | |
| Mozilla SeaMonkey | =2.1-rc1 | |
| Mozilla SeaMonkey | =2.1-rc2 | |
| Mozilla SeaMonkey | =2.2 | |
| Mozilla SeaMonkey | =2.2-beta1 | |
| Mozilla SeaMonkey | =2.2-beta2 | |
| Mozilla SeaMonkey | =2.2-beta3 | |
| Mozilla SeaMonkey | =2.3 | |
| Mozilla SeaMonkey | =2.3-beta1 | |
| Mozilla SeaMonkey | =2.3-beta2 | |
| Mozilla SeaMonkey | =2.3-beta3 | |
| Mozilla SeaMonkey | =2.3.1 | |
| Mozilla SeaMonkey | =2.3.2 | |
| Mozilla SeaMonkey | =2.3.3 | |
| Mozilla SeaMonkey | =2.4 | |
| Mozilla SeaMonkey | =2.4-beta1 | |
| Mozilla SeaMonkey | =2.4-beta2 | |
| Mozilla SeaMonkey | =2.4-beta3 | |
| Mozilla SeaMonkey | =2.4.1 | |
| Mozilla SeaMonkey | =2.5 | |
| Mozilla SeaMonkey | =2.5-beta1 | |
| Mozilla SeaMonkey | =2.5-beta2 | |
| Mozilla SeaMonkey | =2.5-beta3 | |
| Mozilla SeaMonkey | =2.5-beta4 | |
| Mozilla SeaMonkey | =2.6 | |
| Mozilla SeaMonkey | =2.6-beta1 | |
| Mozilla SeaMonkey | =2.6-beta2 | |
| Mozilla SeaMonkey | =2.6-beta3 | |
| Mozilla SeaMonkey | =2.6-beta4 | |
| Mozilla SeaMonkey | =2.6.1 | |
| Mozilla SeaMonkey | =2.7 | |
| Mozilla SeaMonkey | =2.7-beta1 | |
| Mozilla SeaMonkey | =2.7-beta2 | |
| Mozilla SeaMonkey | =2.7-beta3 | |
| Mozilla SeaMonkey | =2.7-beta4 | |
| Mozilla SeaMonkey | =2.7-beta5 | |
| Mozilla SeaMonkey | =2.7.1 | |
| Mozilla SeaMonkey | =2.7.2 | |
| Mozilla SeaMonkey | =2.8 | |
| Mozilla SeaMonkey | =2.8-beta1 | |
| Mozilla SeaMonkey | =2.8-beta2 | |
| Mozilla SeaMonkey | =2.8-beta3 | |
| Mozilla SeaMonkey | =2.8-beta4 | |
| Mozilla SeaMonkey | =2.8-beta5 | |
| Mozilla SeaMonkey | =2.8-beta6 | |
| Mozilla SeaMonkey | =2.9 | |
| Mozilla SeaMonkey | =2.9-beta1 | |
| Mozilla SeaMonkey | =2.9-beta2 | |
| Mozilla SeaMonkey | =2.9-beta3 | |
| Mozilla SeaMonkey | =2.9-beta4 | |
| Mozilla SeaMonkey | =2.9.1 | |
| Mozilla SeaMonkey | =2.10 | |
| Mozilla SeaMonkey | =2.10-beta1 | |
| Mozilla SeaMonkey | =2.10-beta2 | |
| Mozilla SeaMonkey | =2.10-beta3 | |
| Mozilla SeaMonkey | =2.10.1 | |
| Mozilla SeaMonkey | =2.11 | |
| Mozilla SeaMonkey | =2.11-beta1 | |
| Mozilla SeaMonkey | =2.11-beta2 | |
| Mozilla SeaMonkey | =2.11-beta3 | |
| Mozilla SeaMonkey | =2.11-beta4 | |
| Mozilla SeaMonkey | =2.11-beta5 | |
| Mozilla SeaMonkey | =2.11-beta6 | |
| Mozilla SeaMonkey | =2.12 | |
| Mozilla SeaMonkey | =2.12-beta1 | |
| Mozilla SeaMonkey | =2.12-beta2 | |
| Mozilla SeaMonkey | =2.12-beta3 | |
| Mozilla SeaMonkey | =2.12-beta4 | |
| Mozilla SeaMonkey | =2.12-beta5 | |
| Mozilla SeaMonkey | =2.12-beta6 | |
| Mozilla SeaMonkey | =2.12.1 | |
| Mozilla SeaMonkey | =2.13 | |
| Mozilla SeaMonkey | =2.13-beta1 | |
| Mozilla SeaMonkey | =2.13-beta2 | |
| Mozilla SeaMonkey | =2.13-beta3 | |
| Mozilla SeaMonkey | =2.13-beta4 | |
| Mozilla SeaMonkey | =2.13-beta5 | |
| Mozilla SeaMonkey | =2.13-beta6 | |
| Mozilla SeaMonkey | =2.13.1 | |
| Mozilla SeaMonkey | =2.13.2 | |
| Mozilla SeaMonkey | =2.14 | |
| Mozilla SeaMonkey | =2.14-beta1 | |
| Mozilla SeaMonkey | =2.14-beta2 | |
| Mozilla SeaMonkey | =2.14-beta3 | |
| Mozilla SeaMonkey | =2.14-beta4 | |
| Mozilla SeaMonkey | =2.14-beta5 | |
| Mozilla SeaMonkey | =2.15 | |
| Mozilla SeaMonkey | =2.15-beta1 | |
| Mozilla SeaMonkey | =2.15-beta2 | |
| Mozilla SeaMonkey | =2.15-beta3 | |
| Mozilla SeaMonkey | =2.15-beta4 | |
| Mozilla SeaMonkey | =2.15-beta5 | |
| Mozilla SeaMonkey | =2.15-beta6 | |
| Mozilla SeaMonkey | =2.15.1 | |
| Mozilla SeaMonkey | =2.15.2 | |
| Mozilla SeaMonkey | =2.16 | |
| Mozilla SeaMonkey | =2.16-beta1 | |
| Mozilla SeaMonkey | =2.16-beta2 | |
| Mozilla SeaMonkey | =2.16-beta3 | |
| Mozilla SeaMonkey | =2.16-beta4 | |
| Mozilla SeaMonkey | =2.16-beta5 | |
| Mozilla SeaMonkey | =2.16.1 | |
| Mozilla SeaMonkey | =2.16.2 | |
| Mozilla SeaMonkey | =2.17-beta1 | |
| Mozilla SeaMonkey | =2.17-beta2 | |
| Mozilla SeaMonkey | =2.17-beta3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-37.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=626775
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17065
Frequently Asked Questions
What is the severity of CVE-2013-0794?
CVE-2013-0794 has a high severity rating due to the potential for phishing attacks enabled by the origin spoofing of tab-modal dialogs.
How do I fix CVE-2013-0794?
To fix CVE-2013-0794, upgrade to Mozilla Firefox version 20.0 or later and SeaMonkey version 2.17 or later.
What types of attacks can CVE-2013-0794 facilitate?
CVE-2013-0794 can facilitate phishing attacks by allowing attackers to spoof a website's origin, misleading users.
Which versions of Mozilla Firefox are affected by CVE-2013-0794?
All versions of Mozilla Firefox prior to 20.0 are affected by CVE-2013-0794.
Which versions of SeaMonkey are impacted by CVE-2013-0794?
CVE-2013-0794 impacts all versions of SeaMonkey prior to 2.17.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/firefox
- version/firefox/19.0.2
- version/firefox/19.0
- version/firefox/19.0.1
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.17
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/2.0.7
- version/mozilla seamonkey/2.0.8
- version/mozilla seamonkey/2.0.9
- version/mozilla seamonkey/2.0.10
- version/mozilla seamonkey/2.0.11
- version/mozilla seamonkey/2.0.12
- version/mozilla seamonkey/2.0.13
- version/mozilla seamonkey/2.0.14
- version/mozilla seamonkey/2.1
- version/mozilla seamonkey/2.1-alpha1
- version/mozilla seamonkey/2.1-alpha2
- version/mozilla seamonkey/2.1-alpha3
- version/mozilla seamonkey/2.1-beta1
- version/mozilla seamonkey/2.1-beta2
- version/mozilla seamonkey/2.1-beta3
- version/mozilla seamonkey/2.1-rc1
- version/mozilla seamonkey/2.1-rc2
- version/mozilla seamonkey/2.2
- version/mozilla seamonkey/2.2-beta1
- version/mozilla seamonkey/2.2-beta2
- version/mozilla seamonkey/2.2-beta3
- version/mozilla seamonkey/2.3
- version/mozilla seamonkey/2.3-beta1
- version/mozilla seamonkey/2.3-beta2
- version/mozilla seamonkey/2.3-beta3
- version/mozilla seamonkey/2.3.1
- version/mozilla seamonkey/2.3.2
- version/mozilla seamonkey/2.3.3
- version/mozilla seamonkey/2.4
- version/mozilla seamonkey/2.4-beta1
- version/mozilla seamonkey/2.4-beta2
- version/mozilla seamonkey/2.4-beta3
- version/mozilla seamonkey/2.4.1
- version/mozilla seamonkey/2.5
- version/mozilla seamonkey/2.5-beta1
- version/mozilla seamonkey/2.5-beta2
- version/mozilla seamonkey/2.5-beta3
- version/mozilla seamonkey/2.5-beta4
- version/mozilla seamonkey/2.6
- version/mozilla seamonkey/2.6-beta1
- version/mozilla seamonkey/2.6-beta2
- version/mozilla seamonkey/2.6-beta3
- version/mozilla seamonkey/2.6-beta4
- version/mozilla seamonkey/2.6.1
- version/mozilla seamonkey/2.7
- version/mozilla seamonkey/2.7-beta1
- version/mozilla seamonkey/2.7-beta2
- version/mozilla seamonkey/2.7-beta3
- version/mozilla seamonkey/2.7-beta4
- version/mozilla seamonkey/2.7-beta5
- version/mozilla seamonkey/2.7.1
- version/mozilla seamonkey/2.7.2
- version/mozilla seamonkey/2.8
- version/mozilla seamonkey/2.8-beta1
- version/mozilla seamonkey/2.8-beta2
- version/mozilla seamonkey/2.8-beta3
- version/mozilla seamonkey/2.8-beta4
- version/mozilla seamonkey/2.8-beta5
- version/mozilla seamonkey/2.8-beta6
- version/mozilla seamonkey/2.9
- version/mozilla seamonkey/2.9-beta1
- version/mozilla seamonkey/2.9-beta2
- version/mozilla seamonkey/2.9-beta3
- version/mozilla seamonkey/2.9-beta4
- version/mozilla seamonkey/2.9.1
- version/mozilla seamonkey/2.10
- version/mozilla seamonkey/2.10-beta1
- version/mozilla seamonkey/2.10-beta2
- version/mozilla seamonkey/2.10-beta3
- version/mozilla seamonkey/2.10.1
- version/mozilla seamonkey/2.11
- version/mozilla seamonkey/2.11-beta1
- version/mozilla seamonkey/2.11-beta2
- version/mozilla seamonkey/2.11-beta3
- version/mozilla seamonkey/2.11-beta4
- version/mozilla seamonkey/2.11-beta5
- version/mozilla seamonkey/2.11-beta6
- version/mozilla seamonkey/2.12
- version/mozilla seamonkey/2.12-beta1
- version/mozilla seamonkey/2.12-beta2
- version/mozilla seamonkey/2.12-beta3
- version/mozilla seamonkey/2.12-beta4
- version/mozilla seamonkey/2.12-beta5
- version/mozilla seamonkey/2.12-beta6
- version/mozilla seamonkey/2.12.1
- version/mozilla seamonkey/2.13
- version/mozilla seamonkey/2.13-beta1
- version/mozilla seamonkey/2.13-beta2
- version/mozilla seamonkey/2.13-beta3
- version/mozilla seamonkey/2.13-beta4
- version/mozilla seamonkey/2.13-beta5
- version/mozilla seamonkey/2.13-beta6
- version/mozilla seamonkey/2.13.1
- version/mozilla seamonkey/2.13.2
- version/mozilla seamonkey/2.14
- version/mozilla seamonkey/2.14-beta1
- version/mozilla seamonkey/2.14-beta2
- version/mozilla seamonkey/2.14-beta3
- version/mozilla seamonkey/2.14-beta4
- version/mozilla seamonkey/2.14-beta5
- version/mozilla seamonkey/2.15
- version/mozilla seamonkey/2.15-beta1
- version/mozilla seamonkey/2.15-beta2
- version/mozilla seamonkey/2.15-beta3
- version/mozilla seamonkey/2.15-beta4
- version/mozilla seamonkey/2.15-beta5
- version/mozilla seamonkey/2.15-beta6
- version/mozilla seamonkey/2.15.1
- version/mozilla seamonkey/2.15.2
- version/mozilla seamonkey/2.16
- version/mozilla seamonkey/2.16-beta1
- version/mozilla seamonkey/2.16-beta2
- version/mozilla seamonkey/2.16-beta3
- version/mozilla seamonkey/2.16-beta4
- version/mozilla seamonkey/2.16-beta5
- version/mozilla seamonkey/2.16.1
- version/mozilla seamonkey/2.16.2
- version/mozilla seamonkey/2.17-beta1
- version/mozilla seamonkey/2.17-beta2
- version/mozilla seamonkey/2.17-beta3