VYPR
Unrated severityNVD Advisory· Published Dec 11, 2013· Updated Jun 16, 2026

CVE-2013-5614

CVE-2013-5614

Description

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

30
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <26.0
    • (no CPE)range: <26.0
  • cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <2.23
    • (no CPE)range: <2.23
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE3 versions
    cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*+ 1 more
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
  • osv-coords2 versions
    < 128.5.1-1.1+ 1 more
    • (no CPE)range: < 128.5.1-1.1
    • (no CPE)range: < 50.1.0-1.1

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.