VDB
CVE-2013-1727
CVE-2013-1727
PUBLISHED
CVSS 4 MEDIUM
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
EPSS 2.24% · 84.9th percentile
Risk Scores
CVSS 2.0
4
EPSS Score
2.24%
84.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| mozilla | firefox | 19.0.1, 19.0.2, 19.0 |
Exploit Intelligence
- CIRCL exploited: CVE-2013-1727 (circl-sighting)
- FEDORA-2013-16992 (circl)
- FEDORA-2013-17074 (circl)
- http://www.mozilla.org/security/announce/2013/mfsa2013-84.html (circl)
- https://bugzilla.mozilla.org/show_bug.cgi?id=782581 (circl)
- FEDORA-2013-17047 (circl)
- Firefox For Android Same-Origin Bypass (0day-today)
- Firefox For Android Same-Origin Bypass (0day-today)
Timeline
- Sep 17, 2013 PoC Published
- Sep 18, 2013 CVE Published
- Oct 2, 2013 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- FEDORA-2013-16992 vendor-advisory
- FEDORA-2013-17074 vendor-advisory
- http://www.mozilla.org/security/announce/2013/mfsa2013-84.html url
- https://bugzilla.mozilla.org/show_bug.cgi?id=782581 url
- FEDORA-2013-17047 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-1727 advisory