Upstream information

CVE-2013-1671 at MITRE

Description

Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 819204 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • MozillaFirefox >= 31.1.0esr-1.20
  • MozillaFirefox-translations >= 31.1.0esr-1.20
Patchnames:
SUSE Linux Enterprise Desktop 12 GA MozillaFirefox
SUSE Linux Enterprise Desktop 12 SP1
  • MozillaFirefox >= 38.4.0esr-51.1
  • MozillaFirefox-translations >= 38.4.0esr-51.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA MozillaFirefox
SUSE Linux Enterprise Desktop 12 SP2
  • MozillaFirefox >= 45.4.0esr-81.1
  • MozillaFirefox-translations >= 45.4.0esr-81.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Server 12
  • MozillaFirefox >= 31.1.0esr-1.20
  • MozillaFirefox-translations >= 31.1.0esr-1.20
Patchnames:
SUSE Linux Enterprise Server 12 GA MozillaFirefox
SUSE Linux Enterprise Server 12 SP1
  • MozillaFirefox >= 38.4.0esr-51.1
  • MozillaFirefox-translations >= 38.4.0esr-51.1
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA MozillaFirefox
SUSE Linux Enterprise Server 12 SP2
  • MozillaFirefox >= 45.4.0esr-81.1
  • MozillaFirefox-translations >= 45.4.0esr-81.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Software Development Kit 12
  • MozillaFirefox-devel >= 31.1.0esr-1.20
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA MozillaFirefox-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • MozillaFirefox-devel >= 38.3.0esr-48.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA MozillaFirefox-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • MozillaFirefox-devel >= 45.4.0esr-81.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA MozillaFirefox-devel
openSUSE 12.3
  • MozillaFirefox >= 21.0-1.18.1
  • MozillaFirefox-branding-openSUSE >= 21-2.5.1
  • MozillaFirefox-branding-upstream >= 21.0-1.18.1
  • MozillaFirefox-buildsymbols >= 21.0-1.18.1
  • MozillaFirefox-debuginfo >= 21.0-1.18.1
  • MozillaFirefox-debugsource >= 21.0-1.18.1
  • MozillaFirefox-devel >= 21.0-1.18.1
  • MozillaFirefox-translations-common >= 21.0-1.18.1
  • MozillaFirefox-translations-other >= 21.0-1.18.1
  • mozilla-nspr >= 4.9.6-1.7.1
  • mozilla-nspr-32bit >= 4.9.6-1.7.1
  • mozilla-nspr-debuginfo >= 4.9.6-1.7.1
  • mozilla-nspr-debuginfo-32bit >= 4.9.6-1.7.1
  • mozilla-nspr-debugsource >= 4.9.6-1.7.1
  • mozilla-nspr-devel >= 4.9.6-1.7.1
Patchnames:
openSUSE-2013-438
openSUSE 13.2
  • MozillaFirefox >= 33.0-2.1
  • MozillaFirefox-translations-common >= 33.0-2.1
Patchnames:
openSUSE 13.2 GA MozillaFirefox
openSUSE Evergreen 11.4
  • MozillaFirefox >= 21.0-75.2
  • MozillaFirefox-branding-openSUSE >= 21-16.1
  • MozillaFirefox-branding-upstream >= 21.0-75.2
  • MozillaFirefox-buildsymbols >= 21.0-75.2
  • MozillaFirefox-debuginfo >= 21.0-75.2
  • MozillaFirefox-debugsource >= 21.0-75.2
  • MozillaFirefox-devel >= 21.0-75.2
  • MozillaFirefox-translations-common >= 21.0-75.2
  • MozillaFirefox-translations-other >= 21.0-75.2
  • MozillaThunderbird >= 17.0.6-61.2
  • MozillaThunderbird-buildsymbols >= 17.0.6-61.2
  • MozillaThunderbird-debuginfo >= 17.0.6-61.2
  • MozillaThunderbird-debugsource >= 17.0.6-61.2
  • MozillaThunderbird-devel >= 17.0.6-61.2
  • MozillaThunderbird-devel-debuginfo >= 17.0.6-61.2
  • MozillaThunderbird-translations-common >= 17.0.6-61.2
  • MozillaThunderbird-translations-other >= 17.0.6-61.2
  • enigmail >= 1.5.1+17.0.6-61.2
  • enigmail-debuginfo >= 1.5.1+17.0.6-61.2
Patchnames:
2013-85
openSUSE Leap 42.1
  • MozillaFirefox >= 41.0.2-1.2
  • MozillaFirefox-translations-common >= 41.0.2-1.2
Patchnames:
openSUSE Leap 42.1 GA MozillaFirefox
openSUSE Leap 42.2
  • MozillaFirefox >= 49.0.2-37.1
  • MozillaFirefox-translations-common >= 49.0.2-37.1
Patchnames:
openSUSE Leap 42.2 GA MozillaFirefox
openSUSE Tumbleweed
  • MozillaFirefox >= 50.1.0-1.1
  • MozillaFirefox-branding-upstream >= 50.1.0-1.1
  • MozillaFirefox-buildsymbols >= 50.1.0-1.1
  • MozillaFirefox-devel >= 50.1.0-1.1
  • MozillaFirefox-translations-common >= 50.1.0-1.1
  • MozillaFirefox-translations-other >= 50.1.0-1.1
Patchnames:
openSUSE Tumbleweed GA MozillaFirefox