CVE-2013-6673 — MEDIUM (5.9)

Q: How severe is CVE-2013-6673?

CVE-2013-6673 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-6673?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Suse Suse Linux Enterprise Software Development Kit.

Vulnerability Description

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Fedoraproject	Fedora	18
Mozilla	Firefox	< 26.0
Mozilla	Seamonkey	< 2.23
Mozilla	Thunderbird	< 24.2
Suse	Suse Linux Enterprise Software Development Kit	11.0
Opensuse	Opensuse	12.2
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-310

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.hMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.hMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.hMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.htMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.htmlMailing ListThird Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-113.htmlVendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
http://www.securityfocus.com/bid/64213Third Party AdvisoryVDB Entry

FAQ

What is CVE-2013-6673?

CVE-2013-6673 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it ea...

How severe is CVE-2013-6673?

CVE-2013-6673 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-6673?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Suse Suse Linux Enterprise Software Development Kit.