Bug 977611 - (CVE-2013-1695) CVE-2013-1695 Mozilla: Sandbox restrictions not applied to nested frame elements (MFSA 2013-57)
CVE-2013-1695 Mozilla: Sandbox restrictions not applied to nested frame eleme...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
Blocks: 972560
  Show dependency treegraph
Reported: 2013-06-24 22:08 EDT by Huzaifa S. Sidhpurwala
Modified: 2013-06-26 02:55 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-06-24 22:27:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Huzaifa S. Sidhpurwala 2013-06-24 22:08:23 EDT
Mozilla community member Bob Owen reported that <iframe sandbox> restrictions are not applied to a frame element contained within a sandboxed iframe. As a result, content hosted within a sandboxed iframe could use a frame element to bypass the restrictions that should be applied.

External Reference:



Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Owen as the original reporter.


This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6

Note You need to log in before you can comment on or make changes to this bug.