Clickjacking Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey

Clickjacking Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey

CVE-2013-0747 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.