Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1y3r-cus3-nkc6
Vulnerability ID VCID-1y3r-cus3-nkc6
Aliases CVE-2013-1698
Summary Mozilla engineer Matt Wobensmith discovered that when the getUserMedia permission dialog for an iframe appears in one domain, it will display its origin as that of the top-level document and not the calling framed page. This could lead to users incorrectly giving camera or microphone permissions when confusing the requesting page's location for a hosting one's.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2013-1698
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2013-1698
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2013-1698
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2013-1698
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2013-1698
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2013-1698
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2013-1698
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2013-1698
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2013-1698
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2013-1698
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2013-60
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1698.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1698
https://bugzilla.mozilla.org/show_bug.cgi?id=876044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16791
http://www.mozilla.org/security/announce/2013/mfsa2013-60.html
http://www.ubuntu.com/usn/USN-1890-1
977615 https://bugzilla.redhat.com/show_bug.cgi?id=977615
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
CVE-2013-1698 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1698
CVE-2013-1698 https://nvd.nist.gov/vuln/detail/CVE-2013-1698
mfsa2013-60 https://www.mozilla.org/en-US/security/advisories/mfsa2013-60
USN-1890-1 https://usn.ubuntu.com/1890-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-1698
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.55697
EPSS Score 0.00328
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:17:42.442693+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2013/mfsa2013-60.md 38.0.0