Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
BID:58044
Info
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
| Bugtraq ID: | 58044 |
| Class: | Design Error |
| CVE: |
CVE-2013-0776 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2013 12:00AM |
| Updated: | Apr 13 2015 09:44PM |
| Credit: | Michal Zalewski |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.10 i386 Ubuntu Ubuntu Linux 12.10 amd64 Ubuntu Ubuntu Linux 12.10 Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 12.04 LTS Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.10 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 LTS Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server for VMware 11 SP2 SuSE SUSE Linux Enterprise Server 11 SP2 SuSE SUSE Linux Enterprise SDK 11 SP2 SuSE Suse Linux Enterprise Desktop 11 SP2 Slackware Linux x86_64 -current Slackware Linux 14.0 x86_64 Slackware Linux 14.0 Slackware Linux 13.37 x86_64 Slackware Linux 13.37 Slackware Linux -current S.u.S.E. openSUSE 12.2 S.u.S.E. openSUSE 12.1 S.u.S.E. openSUSE 11.4 Redhat Enterprise Linux Workstation Optional 6 Redhat Enterprise Linux Workstation 6 Redhat Enterprise Linux Server Optional 6 Redhat Enterprise Linux Server 6 Redhat Enterprise Linux Optional Productivity Application 5 server Redhat Enterprise Linux HPC Node Optional 6 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop Optional 6 Redhat Enterprise Linux Desktop 6 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Mozilla Thunderbird ESR 17.0.2 Mozilla Thunderbird ESR 17.0.1 Mozilla Thunderbird ESR 10.0.12 Mozilla Thunderbird ESR 10.0.10 Mozilla Thunderbird ESR 10.0.5 Mozilla Thunderbird ESR 10.0.4 Mozilla Thunderbird ESR 10.0.3 Mozilla Thunderbird ESR 10.0.9 Mozilla Thunderbird ESR 10.0.8 Mozilla Thunderbird ESR 10.0.7 Mozilla Thunderbird ESR 10.0.6 Mozilla Thunderbird ESR 10.0.2 Mozilla Thunderbird ESR 10.0.11 Mozilla Thunderbird 17.0.2 Mozilla Thunderbird 16.0.2 Mozilla Thunderbird 3.1.20 Mozilla Thunderbird 3.1.14 Mozilla Thunderbird 3.1.13 Mozilla Thunderbird 3.1.12 Mozilla Thunderbird 3.1.7 Mozilla Thunderbird 3.1.5 Mozilla Thunderbird 3.1.4 Mozilla Thunderbird 3.0.11 Mozilla Thunderbird 3.0.9 Mozilla Thunderbird 3.0.8 Mozilla Thunderbird 3.0.5 Mozilla Thunderbird 3.0.2 Mozilla Thunderbird 3.0.1 Mozilla Thunderbird 9.0 Mozilla Thunderbird 8.0 Mozilla Thunderbird 7.0.1 Mozilla Thunderbird 7.0 Mozilla Thunderbird 6.0.2 Mozilla Thunderbird 6.0.1 Mozilla Thunderbird 6 Mozilla Thunderbird 5 Mozilla Thunderbird 3.3 Mozilla Thunderbird 3.1.9 Mozilla Thunderbird 3.1.8 Mozilla Thunderbird 3.1.6 Mozilla Thunderbird 3.1.3 Mozilla Thunderbird 3.1.2 Mozilla Thunderbird 3.1.19 Mozilla Thunderbird 3.1.18 Mozilla Thunderbird 3.1.17 Mozilla Thunderbird 3.1.16 Mozilla Thunderbird 3.1.15 Mozilla Thunderbird 3.1.11 Mozilla Thunderbird 3.1.10 Mozilla Thunderbird 3.1.1 Mozilla Thunderbird 3.1 Mozilla Thunderbird 3.0.7 Mozilla Thunderbird 3.0.6 Mozilla Thunderbird 3.0.4 Mozilla Thunderbird 3.0.3 Mozilla Thunderbird 3.0.10 Mozilla Thunderbird 3.0 Mozilla Thunderbird 17.0 Mozilla Thunderbird 16.0.1 Mozilla Thunderbird 16 Mozilla Thunderbird 15 Mozilla Thunderbird 14.0 Mozilla Thunderbird 14 Mozilla Thunderbird 13.0 Mozilla Thunderbird 12.0 Mozilla Thunderbird 11.0 Mozilla Thunderbird 10.0.2 Mozilla Thunderbird 10.0.1 Mozilla Thunderbird 10.0 Mozilla SeaMonkey 2.13.2 Mozilla SeaMonkey 2.9 Mozilla SeaMonkey 2.8 Mozilla SeaMonkey 2.7.2 Mozilla SeaMonkey 2.7.1 Mozilla SeaMonkey 2.7 Mozilla SeaMonkey 2.6 Mozilla SeaMonkey 2.5 Mozilla SeaMonkey 2.4 Mozilla SeaMonkey 2.3 Mozilla SeaMonkey 2.2 Mozilla SeaMonkey 2.15 Mozilla SeaMonkey 2.14 Mozilla SeaMonkey 2.13.1 Mozilla SeaMonkey 2.13 Mozilla SeaMonkey 2.12 Mozilla SeaMonkey 2.11 Mozilla SeaMonkey 2.10 Mozilla SeaMonkey 2.1 Mozilla Firefox ESR 17.0.2 Mozilla Firefox ESR 17.0.1 Mozilla Firefox ESR 10.0.12 Mozilla Firefox ESR 10.0.10 Mozilla Firefox ESR 10.0.8 Mozilla Firefox ESR 10.0.7 Mozilla Firefox ESR 10.0.5 Mozilla Firefox ESR 10.0.4 Mozilla Firefox ESR 10.0.3 Mozilla Firefox ESR 10.0.9 Mozilla Firefox ESR 10.0.6 Mozilla Firefox ESR 10.0.2 Mozilla Firefox ESR 10.0.11 Mozilla Firefox 16.0.2 Mozilla Firefox 16.0.1 Mozilla Firefox 15.0.1 Mozilla Firefox 9.0.1 Mozilla Firefox 3.6.28 Mozilla Firefox 3.6.22 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.10 Mozilla Firefox 3.6.9 Mozilla Firefox 3.6.8 Mozilla Firefox 3.6.4 Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.2 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.16 Mozilla Firefox 3.5.14 Mozilla Firefox 3.5.13 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.9 Mozilla Firefox 3.5.8 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 9.0 Mozilla Firefox 8.0.1 Mozilla Firefox 8.0 Mozilla Firefox 7.0.1 Mozilla Firefox 7 Mozilla Firefox 6.0.2 Mozilla Firefox 6.0.1 Mozilla Firefox 6.0 Mozilla Firefox 5.0.1 Mozilla Firefox 5.0 Mozilla Firefox 4.0.1 Mozilla Firefox 4.0 Mozilla Firefox 3.6.7 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.27 Mozilla Firefox 3.6.26 Mozilla Firefox 3.6.25 Mozilla Firefox 3.6.24 Mozilla Firefox 3.6.23 Mozilla Firefox 3.6.20 Mozilla Firefox 3.6.19 Mozilla Firefox 3.6.18 Mozilla Firefox 3.6.17 Mozilla Firefox 3.6.16 Mozilla Firefox 3.6.15 Mozilla Firefox 3.6.14 Mozilla Firefox 3.6.12 Mozilla Firefox 3.6.11 Mozilla Firefox 3.6 Mozilla Firefox 3.5.19 Mozilla Firefox 3.5.18 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.15 Mozilla Firefox 3.5.12 Mozilla Firefox 3.5.11 Mozilla Firefox 18.0 Mozilla Firefox 17.0.1 Mozilla Firefox 17.0 Mozilla Firefox 16 Mozilla Firefox 15 Mozilla Firefox 14.01 Mozilla Firefox 14.0 Mozilla Firefox 13.0 Mozilla Firefox 12.0 Mozilla Firefox 11.0 Mozilla Firefox 10.0.2 Mozilla Firefox 10.0.1 Mozilla Firefox 10.0 IBM Scale Out Network Attached Storage 1.3.2 1-21 IBM Scale Out Network Attached Storage 1.3.2 1-20 IBM Scale Out Network Attached Storage 1.3.2 IBM Scale Out Network Attached Storage 1.3.1 IBM Scale Out Network Attached Storage 1.3.2.3 IBM Scale Out Network Attached Storage 1.3.2.2 IBM Scale Out Network Attached Storage 1.3.0.5 IBM Scale Out Network Attached Storage 1.3.0.4 Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 CentOS CentOS 5 |
| Not Vulnerable: |
Mozilla Thunderbird ESR 17.0.3 Mozilla Thunderbird 17.0.3 Mozilla SeaMonkey 2.16 Mozilla Firefox ESR 17.0.3 Mozilla Firefox 19.0 IBM Scale Out Network Attached Storage 1.4.1.0 |
Discussion
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a URI-spoofing vulnerability.
Attackers may exploit this issue to display arbitrary content with a spoofed URI. Successfully exploiting this issue may aid in phishing attacks.
Note: This issue was previously covered in BID 58030 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2013-21 through -28 Multiple Vulnerabilities), but has been given its own record to better document it.
This issue is fixed in:
Firefox 19.0
Firefox ESR 17.0.3
Thunderbird 17.0.3
Thunderbird ESR 17.0.3
SeaMonkey 2.16
Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a URI-spoofing vulnerability.
Attackers may exploit this issue to display arbitrary content with a spoofed URI. Successfully exploiting this issue may aid in phishing attacks.
Note: This issue was previously covered in BID 58030 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2013-21 through -28 Multiple Vulnerabilities), but has been given its own record to better document it.
This issue is fixed in:
Firefox 19.0
Firefox ESR 17.0.3
Thunderbird 17.0.3
Thunderbird ESR 17.0.3
SeaMonkey 2.16
Exploit / POC
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Slackware Linux x86_64 -current
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Slackware Linux x86_64 -current
-
Slackware mozilla-firefox-19.0-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ xap/mozilla-firefox-19.0-x86_64-1.txz -
Slackware mozilla-thunderbird-17.0.3-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ xap/mozilla-thunderbird-17.0.3-x86_64-1.txz -
Slackware seamonkey-2.16-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ xap/seamonkey-2.16-x86_64-1.txz -
Slackware seamonkey-solibs-2.16-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ l/seamonkey-solibs-2.16-x86_64-1.txz
References
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0776 URI Spoofing Vulnerability
References:
References: