CVE-2013-6672 — MEDIUM (4.3)

Q: What is CVE-2013-6672?

CVE-2013-6672 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

Q: How severe is CVE-2013-6672?

CVE-2013-6672 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-6672?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Mozilla Firefox.

Vulnerability Description

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Opensuse	Opensuse	12.2
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Mozilla	Firefox	< 26.0
Mozilla	Seamonkey	< 2.23
Linux	Linux Kernel	All versions
Canonical	Ubuntu Linux	12.04
Oracle	Solaris	11.3
Fedoraproject	Fedora	19

Related Weaknesses (CWE)

CWE-200

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.hMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.hMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.htmlMailing ListThird Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-112.htmlVendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
http://www.securityfocus.com/bid/64210Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1029470Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1029476Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2052-1Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=894736Issue TrackingVendor Advisory
https://security.gentoo.org/glsa/201504-01Third Party Advisory

FAQ

What is CVE-2013-6672?

CVE-2013-6672 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

How severe is CVE-2013-6672?

CVE-2013-6672 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-6672?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Mozilla Firefox.