VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-pden-es6n-nfey

Essentials
Severities (11)
References (18)
Severity details (2)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-pden-es6n-nfey
Aliases	CVE-2013-1699
Summary	Security researcher 3ric Johanson reported in discussions with Richard Newman and Holt Sorenson that Verisign's prevention measures for homograph attacks using Internationalized Domain Names (IDN) were insufficiently rigorous, and this led to a limited possibility for domain spoofing in Firefox.IDN allows non-English speakers to use domains in their local language. Many supported characters are similar or identical to others in English, allowing for the potential spoofing of domain names and for phishing attacks when not blocked. In consultation with Verisign, Mozilla had added .com, .net, and .name top-level domains to its IDN whitelist, allowing for IDN use in those top-level domains without restrictions. However, it became clear that a number of historical dangerous registrations continued to be valid.This issue has been fixed by removing the .com, .net, and .name top-level domains from the IDN whitelist, and supplementing the whitelist implementation with technical restrictions against script-mixing in domain labels. These restrictions apply to all non-whitelisted top-level domains. More information on the exact algorithm used can be found here.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-310

Cryptographic Issues

System	Score	Found at
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2013-1699
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2013-1699
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2013-1699
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2013-1699
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2013-1699
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2013-1699
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2013-1699
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2013-1699
epss	0.00367	https://api.first.org/data/v1/epss?cve=CVE-2013-1699
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2013-1699
generic_textual	none	https://www.mozilla.org/en-US/security/advisories/mfsa2013-61

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1699.json
		https://api.first.org/data/v1/epss?cve=CVE-2013-1699
		https://bugzilla.mozilla.org/show_bug.cgi?id=840882
		https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17296
		http://www.mozilla.org/security/announce/2013/mfsa2013-61.html
		http://www.ubuntu.com/usn/USN-1890-1
977621		https://bugzilla.redhat.com/show_bug.cgi?id=977621
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox:19.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0:::::::*
cpe:2.3:a:mozilla:firefox:19.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0.1:::::::*
cpe:2.3:a:mozilla:firefox:19.0.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0.2:::::::*
cpe:2.3:a:mozilla:firefox:20.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:20.0:::::::*
cpe:2.3:a:mozilla:firefox:20.0.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:20.0.1:::::::*
CVE-2013-1699		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1699
CVE-2013-1699		https://nvd.nist.gov/vuln/detail/CVE-2013-1699
mfsa2013-61		https://www.mozilla.org/en-US/security/advisories/mfsa2013-61
USN-1890-1		https://usn.ubuntu.com/1890-1/

No exploits are available.

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-1699

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Percentile	0.58565
EPSS Score	0.00367
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:17:33.732176+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2013/mfsa2013-61.md	38.0.0