CVE-2013-0776

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
< 17.0.3
mozillafirefox
𝑥
< 19.0
mozillaseamonkey
𝑥
< 2.16
mozillathunderbird
𝑥
< 17.0.3
mozillathunderbird_esr
𝑥
< 17.0.3
opensuseopensuse
11.4
opensuseopensuse
12.1
opensuseopensuse
12.2
redhatenterprise_linux_aus
5.9
redhatenterprise_linux_desktop
5.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_eus
5.9
redhatenterprise_linux_eus
6.3
redhatenterprise_linux_server
5.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
5.0
redhatenterprise_linux_workstation
6.0
debiandebian_linux
7.0
canonicalubuntu_linux
10.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
hardy
ignored
lucid
Fixed 19.0+build1-0ubuntu0.10.04.1
released
oneiric
Fixed 19.0+build1-0ubuntu0.11.10.1
released
precise
Fixed 19.0+build1-0ubuntu0.12.04.1
released
quantal
Fixed 19.0+build1-0ubuntu0.12.10.1
released
raring
not-affected
saucy
not-affected
seamonkey
hardy
ignored
lucid
ignored
oneiric
ignored
precise
dne
quantal
dne
raring
dne
saucy
dne
thunderbird
hardy
ignored
lucid
Fixed 17.0.3+build1-0ubuntu0.10.04.1
released
oneiric
Fixed 17.0.3+build1-0ubuntu0.11.10.1
released
precise
Fixed 17.0.3+build1-0ubuntu0.12.04.1
released
quantal
Fixed 17.0.3+build1-0ubuntu0.12.10.1
released
raring
not-affected
saucy
not-affected
xulrunner-1.9.2
hardy
ignored
lucid
ignored
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
xulrunner-2.0
hardy
dne
lucid
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
MozillaFirefox
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 12 SP5
68.1.0-109.92.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 12 SP5
68.1.0-109.92.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-devel
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-common
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 12 SP5
68.1.0-109.92.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 12 SP5
68.1.0-109.92.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-other
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaThunderbird
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise desktop 15 SP1
60.6.1-3.28.1
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise sap 15 SP1
60.6.1-3.28.1
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise server 15 SP1
60.6.1-3.28.1
fixed
suse enterprise workstation 15
52.8-1.2
fixed
suse enterprise workstation 15 SP1
60.6.1-3.28.1
fixed
MozillaThunderbird-devel
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise workstation 15
52.8-1.2
fixed
MozillaThunderbird-translations-common
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise desktop 15 SP1
60.6.1-3.28.1
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise sap 15 SP1
60.6.1-3.28.1
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise server 15 SP1
60.6.1-3.28.1
fixed
suse enterprise workstation 15
52.8-1.2
fixed
suse enterprise workstation 15 SP1
60.6.1-3.28.1
fixed
MozillaThunderbird-translations-other
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise desktop 15 SP1
60.6.1-3.28.1
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise sap 15 SP1
60.6.1-3.28.1
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise server 15 SP1
60.6.1-3.28.1
fixed
suse enterprise workstation 15
52.8-1.2
fixed
suse enterprise workstation 15 SP1
60.6.1-3.28.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
firefox
RHEL 6
0:17.0.3-1.el6_3
fixed
libproxy
RHEL 6
0:0.3.0-4.el6_3
fixed
libproxy-bin
RHEL 6
0:0.3.0-4.el6_3
fixed
libproxy-devel
RHEL 6
0:0.3.0-4.el6_3
fixed
libproxy-gnome
RHEL 6
0:0.3.0-4.el6_3
fixed
libproxy-kde
RHEL 6
0:0.3.0-4.el6_3
fixed
libproxy-mozjs
RHEL 6
0:0.3.0-4.el6_3
fixed
libproxy-python
RHEL 6
0:0.3.0-4.el6_3
fixed
libproxy-webkit
RHEL 6
0:0.3.0-4.el6_3
fixed
thunderbird
RHEL 6
0:17.0.3-1.el6_3
fixed
xulrunner
RHEL 6
0:17.0.3-1.el6_3
fixed
xulrunner-devel
RHEL 6
0:17.0.3-1.el6_3
fixed
yelp
RHEL 6
0:2.28.1-17.el6_3
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
http://rhn.redhat.com/errata/RHSA-2013-0271.html
http://rhn.redhat.com/errata/RHSA-2013-0272.html
http://www.debian.org/security/2013/dsa-2699
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
http://www.ubuntu.com/usn/USN-1729-1
http://www.ubuntu.com/usn/USN-1729-2
http://www.ubuntu.com/usn/USN-1748-1
https://bugzilla.mozilla.org/show_bug.cgi?id=796475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16666
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
http://rhn.redhat.com/errata/RHSA-2013-0271.html
http://rhn.redhat.com/errata/RHSA-2013-0272.html
http://www.debian.org/security/2013/dsa-2699
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
http://www.ubuntu.com/usn/USN-1729-1
http://www.ubuntu.com/usn/USN-1729-2
http://www.ubuntu.com/usn/USN-1748-1
https://bugzilla.mozilla.org/show_bug.cgi?id=796475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16666