Search for vulnerabilities
Vulnerability details: VCID-5pex-cuvc-wqdg
Vulnerability ID VCID-5pex-cuvc-wqdg
Aliases CVE-2013-1710
Summary Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
epss 0.79223 https://api.first.org/data/v1/epss?cve=CVE-2013-1710
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2013-69
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1710.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1710
993602 https://bugzilla.redhat.com/show_bug.cgi?id=993602
CVE-2012-3993;OSVDB-96019;CVE-2013-1710 Exploit https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb
CVE-2012-3993;OSVDB-96019;CVE-2013-1710 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/30474.rb
CVE-2013-1710 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710
mfsa2013-69 https://www.mozilla.org/en-US/security/advisories/mfsa2013-69
RHSA-2013:1140 https://access.redhat.com/errata/RHSA-2013:1140
RHSA-2013:1142 https://access.redhat.com/errata/RHSA-2013:1142
USN-1924-1 https://usn.ubuntu.com/1924-1/
USN-1925-1 https://usn.ubuntu.com/1925-1/
Data source Metasploit
Description This exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date May 14, 2013
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/firefox_tostring_console_injection.rb
Data source Exploit-DB
Date added Dec. 24, 2013
Description Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)
Ransomware campaign use Known
Source publication date Aug. 6, 2013
Exploit type local
Platform multiple
Source update date April 1, 2017
Source URL https://github.com/rapid7/metasploit-framework/blob/72caeaa72f843ec3534e272427c3915ef498b2f9/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb
Exploit Prediction Scoring System (EPSS)
Percentile 0.99018
EPSS Score 0.79223
Published At July 31, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:19.022556+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2013/mfsa2013-69.md 37.0.0