CVE-2013-1670

CVE Database · CVE-2013-1670

CVE-2013-1670

· N/AModified

CVSS v3.1

N/A

EPSS

10.98%

Published

May 16, 2013

Modified

Apr 28, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMozilla Firefox - toString console.time Privileged JavaScript Injection (Metasploit)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.

Weaknesses (CWE)

CWE-79CWE-264

Affected Products (23)

mozilla · firefoxvulnerable

· firefox

References (20)

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html

http://rhn.redhat.com/errata/RHSA-2013-0820.html

http://rhn.redhat.com/errata/RHSA-2013-0821.html

http://www.debian.org/security/2013/dsa-2699

http://www.exploit-db.com/exploits/34363

http://www.mandriva.com/security/advisories?name=MDVSA-2013:165

http://www.mozilla.org/security/announce/2013/mfsa2013-42.html

KEV Catalog EPSS Scores Vendors All CVEs