Unrated severityNVD Advisory· Published Jun 26, 2013· Updated Jun 16, 2026
CVE-2013-1692
CVE-2013-1692
Description
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
32cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=21.0
- cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
- (no CPE)range: <22.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=17.0.6
- cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.6:*:*:*:*:*:*:*
- (no CPE)range: <17.0.7
- osv-coords3 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
Patches
Vulnerability mechanics
References
16- www.mozilla.org/security/announce/2013/mfsa2013-54.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0981.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0982.htmlnvd
- www.debian.org/security/2013/dsa-2716nvd
- www.debian.org/security/2013/dsa-2720nvd
- www.securityfocus.com/bid/60783nvd
- www.ubuntu.com/usn/USN-1890-1nvd
- www.ubuntu.com/usn/USN-1891-1nvd
- bugzilla.mozilla.org/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17096nvd
News mentions
0No linked articles in our index yet.