Vulnerability Name: CVE-2013-0798 (CCN-83195)

Assigned: 2013-04-02
Published: 2013-04-02
Updated: 2013-06-05
Summary: Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2013-0798

Source: SUSE
Type: UNKNOWN
SUSE-SU-2013:0645

Source: CCN
Type: SA52770
Mozilla Firefox Multiple Vulnerabilities

Source: CCN
Type: MFSA 2013-33
World read and write access to app_tmp directory on Android

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-33.html

Source: CCN
Type: BID-58829
Mozilla Firefox 'app_tmp' Directory Insecure Permissions Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=844832

Source: XF
Type: UNKNOWN
firefox-cve20130798-sec-bypass(83195)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:mozilla:firefox:19.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 19.0.2)
  • AND
  • cpe:/o:google:android:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:mozilla:firefox:19.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20130798 | V | CVE-2013-0798 | 2022-05-20
oval:org.opensuse.security:def:26178 | P | Security update for the Linux Kernel (Important) | 2021-12-02
oval:org.opensuse.security:def:57138 | P | Security update for clamav (Moderate) | 2021-12-01
oval:org.opensuse.security:def:33048 | P | Security update for java-1_8_0-openjdk (Important) | 2021-11-23
oval:org.opensuse.security:def:26167 | P | Security update for php72 (Moderate) | 2021-11-19
oval:org.opensuse.security:def:26166 | P | Security update for php74 (Moderate) | 2021-11-18
oval:org.opensuse.security:def:33042 | P | Security update for MozillaFirefox (Important) | 2021-11-17
oval:org.opensuse.security:def:33037 | P | Security update for tomcat (Important) | 2021-11-03
oval:org.opensuse.security:def:33036 | P | Security update for binutils (Moderate) | 2021-11-02
oval:org.opensuse.security:def:33724 | P | Security update for glibc (Moderate) | 2021-10-06
oval:org.opensuse.security:def:33019 | P | Security update for apache2 (Important) | 2021-10-06
oval:org.opensuse.security:def:34550 | P | Security update for sqlite3 (Important) | 2021-09-23
oval:org.opensuse.security:def:32980 | P | Security update for spice-vdagent (Moderate) | 2021-08-17
oval:org.opensuse.security:def:34510 | P | Security update for spice-vdagent (Moderate) | 2021-08-17
oval:org.opensuse.security:def:29381 | P | Security update for ucode-intel (Important) | 2021-06-10
oval:org.opensuse.security:def:33659 | P | Security update for libwebp (Critical) | 2021-06-02
oval:org.opensuse.security:def:32931 | P | Security update for djvulibre (Important) | 2021-05-31
oval:org.opensuse.security:def:55184 | P | Security update for the Linux Kernel (Important) | 2021-05-17
oval:org.opensuse.security:def:55862 | P | Security update for python (Moderate) | 2021-03-16
oval:org.opensuse.security:def:32268 | P | Security update for openldap2 (Important) | 2021-03-03
oval:org.opensuse.security:def:33086 | P | Security update for ImageMagick (Moderate) | 2021-02-25
oval:org.opensuse.security:def:28937 | P | Security update for screen (Important) | 2021-02-17
oval:org.opensuse.security:def:32257 | P | Security update for jasper (Important) | 2021-02-16
oval:org.opensuse.security:def:33765 | P | Security update for jasper (Important) | 2021-02-16
oval:org.opensuse.security:def:33763 | P | Security update for wpa_supplicant (Important) | 2021-02-15
oval:org.opensuse.security:def:32256 | P | Security update for wpa_supplicant (Important) | 2021-02-15
oval:org.opensuse.security:def:29466 | P | Security update for the Linux Kernel (Important) | 2021-02-11
oval:org.opensuse.security:def:33716 | P | Security update for tomcat (Moderate) | 2021-01-05
oval:org.opensuse.security:def:54739 | P | Security update for flac (Moderate) | 2021-01-04
oval:org.opensuse.security:def:55781 | P | Security update for python (Important) | 2020-12-11
oval:org.opensuse.security:def:33872 | P | Security update for python-setuptools (Important) | 2020-12-02
oval:org.opensuse.security:def:29038 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26592 | P | libneon27 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55743 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:29027 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:26508 | P | Security update for phpMyAdmin (Important) | 2020-12-01
oval:org.opensuse.security:def:55669 | P | Security update for libmspack (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28549 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:29026 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:26451 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:55577 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:28514 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:26370 | P | Security update for mbedtls (Important) | 2020-12-01
oval:org.opensuse.security:def:55469 | P | Security update for dbus-1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27876 | P | Security update for sendmail | 2020-12-01
oval:org.opensuse.security:def:26242 | P | Security update for ibus (Important) | 2020-12-01
oval:org.opensuse.security:def:27832 | P | Security update for lxc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55018 | P | syslog-service on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27818 | P | Security update for libssh2_org | 2020-12-01
oval:org.opensuse.security:def:54912 | P | libpolkit0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27779 | P | Security update for krb5 (Important) | 2020-12-01
oval:org.opensuse.security:def:27730 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:54501 | P | java-1_7_0-openjdk-plugin on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27677 | P | Security update for Xen | 2020-12-01
oval:org.opensuse.security:def:54361 | P | procmail on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27526 | P | opensc-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54339 | P | ntp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27442 | P | libevent-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29711 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:54338 | P | mutt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27385 | P | cvs-doc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29675 | P | Security update for djvulibre (Low) | 2020-12-01
oval:org.opensuse.security:def:27303 | P | systemtap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32874 | P | gpg2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29037 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:27175 | P | libarchive2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32718 | P | libmysqlclient15-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28993 | P | Security update for xscreensaver (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27111 | P | dnsmasq on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32631 | P | amavisd-new on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28976 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:27100 | P | cpio on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32574 | P | libxslt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27099 | P | coreutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32480 | P | MozillaFirefox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28888 | P | Security update for compat-openssl097g (Important) | 2020-12-01
oval:org.opensuse.security:def:32345 | P | Security update for spice (Important) | 2020-12-01
oval:org.opensuse.security:def:28834 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33828 | P | Security update for gnuplot (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28682 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:33804 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28598 | P | Security update for ruby | 2020-12-01
oval:org.opensuse.security:def:30498 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:28541 | P | Security update for dhcp | 2020-12-01
oval:org.opensuse.security:def:30461 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28456 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:29823 | P | Security update for java-1_6_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:28325 | P | Security update for perl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33502 | P | Security update for mutt | 2020-12-01
oval:org.opensuse.security:def:29779 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28258 | P | Security update for lxc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33414 | P | Security update for Salt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29761 | P | Security update for giflib (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28247 | P | Security update for libxml2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33357 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:29722 | P | Security update for MozillaFirefox | 2020-12-01
oval:org.opensuse.security:def:27615 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:28246 | P | Security update for libxml2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33262 | P | stunnel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29673 | P | Security update for dhcpv6 | 2020-12-01
oval:org.opensuse.security:def:27580 | P | xen-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33127 | P | kernel-default on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29619 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:26942 | P | libarchive2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26898 | P | freetype2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26884 | P | dhcpcd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57212 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:29324 | P | Security update for compat-openssl097g (Important) | 2020-12-01
oval:org.opensuse.security:def:26845 | P | xorg-x11-libs-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29238 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26796 | P | pam on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29107 | P | Security update for java-1_6_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:26743 | P | libdrm on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:25919 | P | SUSE-SU-2013:1152-1 -- Security update for Mozilla Firefox | 2015-03-16
oval:org.mitre.oval:def:26035 | P | SUSE-SU-2013:0645-1 -- Security update for Mozilla Firefox | 2015-03-16
oval:org.opensuse.security:def:79846 | P | Security update for Mozilla Firefox | 2013-04-04
oval:com.ubuntu.precise:def:20130798000 | V | CVE-2013-0798 on Ubuntu 12.04 LTS (precise) - medium. | 2013-04-03
    mozilla firefox 19.0
    mozilla firefox 19.0.1
    mozilla firefox *
    google android *
    mozilla firefox 19.0