CVE-2013-1692
Publication date 25 June 2013
Last updated 24 July 2024
Ubuntu priority
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 13.04 raring |
Fixed 22.0+build1-0ubuntu0.13.04.1
|
12.10 quantal |
Fixed 22.0+build1-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 22.0+build1-0ubuntu0.12.04.1
|
|
10.04 LTS lucid | Ignored end of life | |
seamonkey | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
10.04 LTS lucid | Ignored end of life | |
thunderbird | 13.04 raring |
Fixed 17.0.7+build1-0ubuntu0.13.04.1
|
12.10 quantal |
Fixed 17.0.7+build1-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 17.0.7+build1-0ubuntu0.12.04.1
|
|
10.04 LTS lucid | Ignored end of life | |
xulrunner-1.9.2 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
10.04 LTS lucid | Ignored end of life |
References
Related Ubuntu Security Notices (USN)
- USN-1890-1
- Firefox vulnerabilities
- 26 June 2013
- USN-1891-1
- Thunderbird vulnerabilities
- 26 June 2013