CVE-2013-0776

NameCVE-2013-0776
DescriptionMozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2699-1
NVD severitymedium (attack range: remote, user-initiated)
Debian Bugs703071
Debian/oldstablepackages icedove, iceweasel are vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
iceape (PTS)squeeze (security)2.0.11-17vulnerable
icedove (PTS)squeeze (security), squeeze3.0.11-1+squeeze15vulnerable
wheezy31.3.0-1~deb7u1fixed
wheezy (security)31.4.0-1~deb7u1fixed
jessie, sid31.4.0-2fixed
iceweasel (PTS)squeeze (security), squeeze3.5.16-20vulnerable
wheezy31.3.0esr-1~deb7u1fixed
wheezy (security)31.5.0esr-1~deb7u1fixed
jessie31.4.0esr-1fixed
sid31.5.0esr-1fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)(unfixed)medium
iceapesourcesqueeze(unfixed)end-of-life
iceapesourcewheezy(unfixed)end-of-life
icedovesource(unstable)17.0.5-1medium
icedovesourcesqueeze(unfixed)end-of-life
iceweaselsource(unstable)17.0.5esr-1medium703071
iceweaselsourcesqueeze(unfixed)end-of-life
iceweaselsourcewheezy17.0.6esr-1~deb7u1mediumDSA-2699-1

Search for package or bug name: Reporting problems