CVE-2013-1693

CVSS v2.0 4.3 (Medium)

EPSS 1.97 % (89^th)

Affected Products 4

Advisories 10

The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

Related CVEs

CVE-2014-1505

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2013-06-26 03:19:10
(11 years ago)
Updated Date: 2017-09-19 01:36:11
(7 years ago)

Affected Products

Mozilla

Configuration #1

	CPE23	Up To
Mozilla Firefox 21.0 and prior versions	cpe:2.3:a:mozilla:firefox	<= 21.0
Mozilla Firefox 19.0	cpe:2.3:a:mozilla:firefox:19.0
Mozilla Firefox 19.0.1	cpe:2.3:a:mozilla:firefox:19.0.1
Mozilla Firefox 19.0.2	cpe:2.3:a:mozilla:firefox:19.0.2
Mozilla Firefox 20.0	cpe:2.3:a:mozilla:firefox:20.0
Mozilla Firefox 20.0.1	cpe:2.3:a:mozilla:firefox:20.0.1

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox Esr 17.0	cpe:2.3:a:mozilla:firefox_esr:17.0
	Mozilla Firefox Esr 17.0.1	cpe:2.3:a:mozilla:firefox_esr:17.0.1
	Mozilla Firefox Esr 17.0.2	cpe:2.3:a:mozilla:firefox_esr:17.0.2
	Mozilla Firefox Esr 17.0.3	cpe:2.3:a:mozilla:firefox_esr:17.0.3
	Mozilla Firefox Esr 17.0.4	cpe:2.3:a:mozilla:firefox_esr:17.0.4
	Mozilla Firefox Esr 17.0.5	cpe:2.3:a:mozilla:firefox_esr:17.0.5
	Mozilla Firefox Esr 17.0.6	cpe:2.3:a:mozilla:firefox_esr:17.0.6

Configuration #3

	CPE23	Up To
Mozilla Thunderbird 17.0.6 and prior versions	cpe:2.3:a:mozilla:thunderbird	<= 17.0.6
Mozilla Thunderbird 17.0	cpe:2.3:a:mozilla:thunderbird:17.0
Mozilla Thunderbird 17.0.1	cpe:2.3:a:mozilla:thunderbird:17.0.1
Mozilla Thunderbird 17.0.2	cpe:2.3:a:mozilla:thunderbird:17.0.2
Mozilla Thunderbird 17.0.3	cpe:2.3:a:mozilla:thunderbird:17.0.3
Mozilla Thunderbird 17.0.4	cpe:2.3:a:mozilla:thunderbird:17.0.4
Mozilla Thunderbird 17.0.5	cpe:2.3:a:mozilla:thunderbird:17.0.5

Configuration #4

		CPE23	From	Up To
	Mozilla Thunderbird Esr 17.0	cpe:2.3:a:mozilla:thunderbird_esr:17.0
	Mozilla Thunderbird Esr 17.0.1	cpe:2.3:a:mozilla:thunderbird_esr:17.0.1
	Mozilla Thunderbird Esr 17.0.2	cpe:2.3:a:mozilla:thunderbird_esr:17.0.2
	Mozilla Thunderbird Esr 17.0.3	cpe:2.3:a:mozilla:thunderbird_esr:17.0.3
	Mozilla Thunderbird Esr 17.0.4	cpe:2.3:a:mozilla:thunderbird_esr:17.0.4
	Mozilla Thunderbird Esr 17.0.5	cpe:2.3:a:mozilla:thunderbird_esr:17.0.5
	Mozilla Thunderbird Esr 17.0.6	cpe:2.3:a:mozilla:thunderbird_esr:17.0.6