Home

CVE-2013-5614

Description

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

Risk Information

Base Score
6.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.279

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 25.0.1Windows
Multiple vulnerabilities affected in Mozilla_Firefox 25.0.1Windows
Multiple vulnerabilities affected in SeaMonkey 2.9.1Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 25.99Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 25.99Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (126.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (126.0.1)Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 25.1Mac
Multiple Vulnerabilities are affected in SeaMonkey For Mac 2.22.1Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343016Mozilla Firefox (x64) (132.0.2)
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-341197SeaMonkey (2.53.19)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611088SeaMonkey For Mac (2.53.21)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234