Vulnerability Name:

CVE-2013-6853 (CCN-90529)

Assigned:2013-11-22
Published:2014-01-14
Updated:2021-09-22
Summary:Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Cross-Site Scripting
References:Source: MITRE
Type: CNA
CVE-2013-6853

Source: CCN
Type: CXSECURITY Web site
CVE-2013-6853: Stored XSS via Code Injection in Y! Toolbar DOM for FireFox

Source: OSVDB
Type: UNKNOWN
102175

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html

Source: MISC
Type: UNKNOWN
http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html

Source: BID
Type: UNKNOWN
64971

Source: CCN
Type: BID-64971
Yahoo! Toolbar for FireFox CVE-2013-6853 Unspecified HTML Injection Vulnerability

Source: XF
Type: UNKNOWN
yahootoolbar-clickstream-xss(90529)

Source: XF
Type: UNKNOWN
yahootoolbar-clickstream-xss(90529)

Source: CCN
Type: Yahoo! Toolbar Web site
Yahoo! Toolba

Vulnerable Configuration:Configuration 1:
  • cpe:/a:yahoo:toolbar:3.1.0.20130813024103:*:*:*:*:*:*:*
  • AND
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:*
  • OR cpe:/o:apple:macos:*:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:yahoo:toolbar:2.5.9.2013418100420:*:*:*:*:*:*:*
  • AND
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:*
  • OR cpe:/o:apple:macos:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    yahoo toolbar 3.1.0.20130813024103
    mozilla firefox *
    apple macos *
    yahoo toolbar 2.5.9.2013418100420
    mozilla firefox *
    apple macos *