Search for vulnerabilities
Vulnerability details: VCID-dkqm-543v-c3fv
Vulnerability ID VCID-dkqm-543v-c3fv
Aliases CVE-2013-1687
Summary Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
epss 0.01908 https://api.first.org/data/v1/epss?cve=CVE-2013-1687
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2013-51
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1687.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1687
977600 https://bugzilla.redhat.com/show_bug.cgi?id=977600
CVE-2013-1687 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
mfsa2013-51 https://www.mozilla.org/en-US/security/advisories/mfsa2013-51
RHSA-2013:0981 https://access.redhat.com/errata/RHSA-2013:0981
RHSA-2013:0982 https://access.redhat.com/errata/RHSA-2013:0982
USN-1890-1 https://usn.ubuntu.com/1890-1/
USN-1891-1 https://usn.ubuntu.com/1891-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.82512
EPSS Score 0.01908
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:17.338782+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2013/mfsa2013-51.md 37.0.0