1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
PublicDateAtUSN: 2013-09-17
Candidate: CVE-2013-1737
PublicDate: 2013-09-18
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737
http://www.mozilla.org/security/announce/2013/mfsa2013-91.html
http://www.ubuntu.com/usn/usn-1951-1
http://www.ubuntu.com/usn/usn-1952-1
Description:
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird
before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21
do not properly identify the "this" object during use of user-defined
getter methods on DOM proxies, which might allow remote attackers to bypass
intended access restrictions via vectors involving an expando object.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: chrisccoulson
Patches_firefox:
upstream_firefox: released (24.0)
lucid_firefox: ignored (reached end-of-life)
precise_firefox: released (24.0+build1-0ubuntu0.12.04.1)
quantal_firefox: released (24.0+build1-0ubuntu0.12.10.1)
raring_firefox: released (24.0+build1-0ubuntu0.13.04.1)
devel_firefox: released (24.0+build1-0ubuntu1)
Patches_thunderbird:
upstream_thunderbird: released (24.0)
lucid_thunderbird: ignored (reached end-of-life)
precise_thunderbird: released (1:24.0+build1-0ubuntu0.12.04.1)
quantal_thunderbird: released (1:24.0+build1-0ubuntu0.12.10.1)
raring_thunderbird: released (1:24.0+build1-0ubuntu0.13.04.1)
devel_thunderbird: released (1:24.0+build1-0ubuntu1)
|