CVE-2013-1670

Name	CVE-2013-1670
Description	The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2699-1, DSA-2720-1

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
iceape	source	squeeze	(unfixed)	end-of-life
iceape	source	wheezy	(unfixed)	end-of-life
iceape	source	(unstable)	(unfixed)
icedove	source	squeeze	(unfixed)	end-of-life
icedove	source	wheezy	17.0.7-1~deb7u1		DSA-2720-1
icedove	source	(unstable)	17.0.7-1
iceweasel	source	squeeze	(unfixed)	end-of-life
iceweasel	source	wheezy	17.0.6esr-1~deb7u1		DSA-2699-1
iceweasel	source	(unstable)	17.0.6esr-1