CVE-2013-0776

Current Description

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.

Basic Data

Published: February 19, 2013
Last Modified: August 06, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-295
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.0
Severity: MEDIUM
Exploitability Score: 4.9
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
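    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | Application | Mozilla | Firefox | * | * | * | * | * | * | * | * |  |  |  | 19.0 |
    | 2.3 | Application | Mozilla | Firefox Esr | * | * | * | * | * | * | * | * |  |  |  | 17.0.3 |
    | 2.3 | Application | Mozilla | Seamonkey | * | * | * | * | * | * | * | * |  |  |  | 2.16 |
    | 2.3 | Application | Mozilla | Thunderbird | * | * | * | * | * | * | * | * |  |  |  | 17.0.3 |
    | 2.3 | Application | Mozilla | Thunderbird Esr | * | * | * | * | * | * | * | * |  |  |  | 17.0.3 |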
  • OR - Configuration 2
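    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | OS | Opensuse | Opensuse | 11.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Opensuse | Opensuse | 12.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Opensuse | Opensuse | 12.2 | * | * | * | * | * | * | * |  |  |  |  |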
  • OR - Configuration 3
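    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | OS | Redhat | Enterprise Linux Aus | 5.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 5.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 6.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Eus | 5.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Eus | 6.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 5.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 6.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 5.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 6.0 | * | * | * | * | * | * | * |  |  |  |  |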
  • OR - Configuration 4
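    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | OS | Debian | Debian Linux | 7.0 | * | * | * | * | * | * | * |  |  |  |  |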
  • OR - Configuration 5
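    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
    | 2.3 | OS | Canonical | Ubuntu Linux | 10.04 | * | * | * | - | * | * | * |  |  |  |  |
    | 2.3 | OS | Canonical | Ubuntu Linux | 11.10 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Canonical | Ubuntu Linux | 12.04 | * | * | * | esm | * | * | * |  |  |  |  |
    | 2.3 | OS | Canonical | Ubuntu Linux | 12.10 | * | * | * | * | * | * | * |  |  |  |  |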

Vulnerable Software List

| Vendor | Product | Versions |
| --- | --- | --- |
| Mozilla | Firefox | * |
| Mozilla | Thunderbird | * |
| Mozilla | Seamonkey | * |
| Mozilla | Firefox Esr | * |
| Mozilla | Thunderbird Esr | * |
| Debian | Debian Linux | 7.0 |
| Redhat | Enterprise Linux Workstation | 5.0, 6.0 |
| Redhat | Enterprise Linux Eus | 5.9, 6.3 |
| Redhat | Enterprise Linux Desktop | 5.0, 6.0 |
| Redhat | Enterprise Linux Aus | 5.9 |
| Redhat | Enterprise Linux Server | 5.0, 6.0 |
| Canonical | Ubuntu Linux | 10.04, 11.10, 12.04, 12.10 |
| Opensuse | Opensuse | 11.4, 12.1, 12.2 |

References

| Name | URL | Source | Tags |
| --- | --- | --- | --- |
| openSUSE-SU-2013:0323 | http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html | SUSE | Mailing List, Third Party Advisory |
| openSUSE-SU-2013:0324 | http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html | SUSE | Mailing List, Third Party Advisory |
| RHSA-2013:0271 | http://rhn.redhat.com/errata/RHSA-2013-0271.html | REDHAT | Third Party Advisory |
| RHSA-2013:0272 | http://rhn.redhat.com/errata/RHSA-2013-0272.html | REDHAT | Third Party Advisory |
| DSA-2699 | http://www.debian.org/security/2013/dsa-2699 | DEBIAN | Third Party Advisory |
| http://www.mozilla.org/security/announce/2013/mfsa2013-27.html | http://www.mozilla.org/security/announce/2013/mfsa2013-27.html | CONFIRM | Vendor Advisory |
| USN-1729-1 | http://www.ubuntu.com/usn/USN-1729-1 | UBUNTU | Third Party Advisory |
| USN-1729-2 | http://www.ubuntu.com/usn/USN-1729-2 | UBUNTU | Third Party Advisory |
| USN-1748-1 | http://www.ubuntu.com/usn/USN-1748-1 | UBUNTU | Third Party Advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=796475 | https://bugzilla.mozilla.org/show_bug.cgi?id=796475 | CONFIRM | Issue Tracking, Patch, Vendor Advisory |
| oval:org.mitre.oval:def:16666 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16666 | OVAL | Third Party Advisory |