Firefox crypto.generateCRMFRequest command execution

Added: 08/21/2014
CVE: CVE-2013-1710
BID: 61900
OSVDB: 96019

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

A vulnerability in the implementation of the crypto.generateCRMFRequest javascript method allows command execution when a user opens a specially crafted page in Firefox.

Resolution

Upgrade to Firefox 23.0 or higher.

References

https://www.mozilla.org/security/announce/2013/mfsa2013-69.html

Limitations

Exploit works on Firefox 15.0 through 22.0 and requires a user to load the exploit page in Firefox.

Platforms

Windows
Linux
Mac OS X

Back to exploit index