CVE-2013-6673

Published: Dec 11, 2013Modified: Apr 29, 2026

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.

Affected (18)

Products: Fedoraproject: Fedora · Mozilla: Firefox, Seamonkey, Thunderbird · Opensuse: Opensuse · +2 more

Show all products

Fedoraproject: Fedora · Mozilla: Firefox, Seamonkey, Thunderbird · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Software Development Kit · Canonical: Ubuntu Linux

1 product

3 products

1 product

3 products

Linux Enterprise Desktop

Linux Enterprise Server

Suse Linux Enterprise Software Development Kit

Canonical

1 product

Ubuntu Linux

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 18
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 26.0
Mozilla Firefox	From 24.0 to 24.2
Mozilla Seamonkey	Before 2.23
Mozilla Thunderbird	Before 24.2

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.2
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1
Suse Linux Enterprise Desktop	Version 11 sp3
Suse Linux Enterprise Server	Version 11 sp3
Suse Linux Enterprise Server	Version 11 sp3
Suse Suse Linux Enterprise Software Development Kit	Version 11.0 sp3

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.04
Canonical Ubuntu Linux	Version 13.10

Related CWEs

CWE-310

References (42)

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://www.mozilla.org/security/announce/2013/mfsa2013-113.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.securityfocus.com/bid/64213

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029470

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029476

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2052-1

Source: security@mozilla.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2053-1

Source: security@mozilla.org

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=917380

Source: security@mozilla.org

ExploitIssue TrackingVendor Advisory

https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.mozilla.org/security/announce/2013/mfsa2013-113.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/64213

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029470

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029476

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2052-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ubuntu.com/usn/USN-2053-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=917380

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://security.gentoo.org/glsa/201504-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.