Unrated severityNVD Advisory· Published May 16, 2013· Updated Apr 29, 2026
CVE-2013-1670
CVE-2013-1670
Description
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
Affected products
23cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=20.0.1
- cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=17.0.5
- cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- www.mozilla.org/security/announce/2013/mfsa2013-42.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0820.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0821.htmlnvd
- www.debian.org/security/2013/dsa-2699nvd
- www.exploit-db.com/exploits/34363nvd
- www.mandriva.com/security/advisoriesnvd
- www.osvdb.org/93427nvd
- www.securityfocus.com/bid/59865nvd
- www.ubuntu.com/usn/USN-1822-1nvd
- www.ubuntu.com/usn/USN-1823-1nvd
- bugzilla.mozilla.org/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17046nvd
News mentions
0No linked articles in our index yet.