CVE-2013-0776

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 20-02-2013 12:55

Last modified: - 24-09-2022 03:03

Total changes: - 2

Description

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:H/Au:N/C:P/I:P/A:N

High

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

4.0

Base score

4.9

Exploitability score

Impact score

Verification logic

Reference

http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
https://bugzilla.mozilla.org/show_bug.cgi?id=796475
RHSA-2013:0271-Third Party Advisory
openSUSE-SU-2013:0324-Mailing List, Third Party Advisory
RHSA-2013:0272-Third Party Advisory
USN-1729-1-Third Party Advisory
USN-1748-1-Third Party Advisory
USN-1729-2-Third Party Advisory
openSUSE-SU-2013:0323-Mailing List, Third Party Advisory
DSA-2699-Third Party Advisory
oval:org.mitre.oval:def:16666-Third Party Advisory

Keywords

CVE-2013-0776

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2013-0776

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures