CVE-2013-0776
Publication date 20 February 2013
Last updated 24 July 2024
Ubuntu priority
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 13.10 saucy |
Not affected
|
13.04 raring |
Not affected
|
|
12.10 quantal |
Fixed 19.0+build1-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 19.0+build1-0ubuntu0.12.04.1
|
|
11.10 oneiric |
Fixed 19.0+build1-0ubuntu0.11.10.1
|
|
10.04 LTS lucid |
Fixed 19.0+build1-0ubuntu0.10.04.1
|
|
8.04 LTS hardy | Ignored end of life | |
seamonkey | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Ignored end of life | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
thunderbird | 13.10 saucy |
Not affected
|
13.04 raring |
Not affected
|
|
12.10 quantal |
Fixed 17.0.3+build1-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 17.0.3+build1-0ubuntu0.12.04.1
|
|
11.10 oneiric |
Fixed 17.0.3+build1-0ubuntu0.11.10.1
|
|
10.04 LTS lucid |
Fixed 17.0.3+build1-0ubuntu0.10.04.1
|
|
8.04 LTS hardy | Ignored end of life | |
xulrunner-1.9.2 | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
xulrunner-2.0 | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
Notes
References
Related Ubuntu Security Notices (USN)
- USN-1748-1
- Thunderbird vulnerabilities
- 25 February 2013
- USN-1729-1
- Firefox vulnerabilities
- 20 February 2013