CVE-2013-0747

NameCVE-2013-0747
DescriptionThe gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedove (PTS)jessie1:52.3.0-4~deb8u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)(not affected)
icedovesource(unstable)(not affected)
iceweaselsource(unstable)(not affected)

Notes

- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)

Search for package or bug name: Reporting problems