Improper input validation in Mozilla Firefox

CVE-2013-5593

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which all…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.005 (65.6th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 24.0, 24.0.1, 24.0.2
Mozilla Seamonkey — versions 2.0, 2.0.1, 2.0.2
Mozilla Thunderbird — versions 17.0, 17.0.1, 17.0.2
Mozilla Thunderbird_esr — versions 17.0.9
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

openSUSE-SU-2013:1633 (vendor-advisory, x_refsource_SUSE)
GLSA-201504-01 (vendor-advisory, x_refsource_GENTOO)
oval:org.mitre.oval:def:19263 (x_refsource_OVAL, signature, vdb-entry)
openSUSE-SU-2013:1634 (vendor-advisory, x_refsource_SUSE)
security@mozilla.org (x_refsource_CONFIRM)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)