CVE-2013-0795 [Critical] | Security Bypass in Firefox

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	1.49%	3.36%	+1.87%
2	2026-03-20	2.01%	1.49%	-0.52%
3	2025-10-05	—	2.01%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

1.49%

3.36%

+1.87%

2026-03-20

2.01%

1.49%

-0.52%

2025-10-05

—

2.01%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

10.0

2.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

10.0

[email protected]

OS Trackers for CVE-2013-0795

vendor	priority	summary	link
`gentoo`	high	CVE-2013-0795: 1 GLSA(s) (201309-23), 6 atom(s) (mail-client/thunderbird, mail-client/thunderbird-bin, www-client/firefox, www-client/firefox-bin, www-client/seamonkey, www-client/seamonkey-bin); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-0795
`redhat`	critical	—	https://access.redhat.com/security/cve/CVE-2013-0795
`suse`	critical	CVE-2013-0795 severity critical: SUSE including 78 source package names (MozillaFirefox-140.2.0-160000.1.2, MozillaFirefox-17.0.6esr-0.4.1, …), 136 product×package rows across 34 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 12, … (34 product lines)): Fixed 136.	https://www.suse.com/security/cve/CVE-2013-0795/
`ubuntu`	medium	CVE-2013-0795 medium priority: Ubuntu including 5 source packages (firefox, seamonkey, thunderbird, xulrunner-1.9.2, xulrunner-2.0), 40 status rows across 8 suites (hardy, lucid, oneiric, precise, quantal, raring, saucy, upstream): DNE 16, released 14, ignored 7, needs-triage 2, pending 1.	https://ubuntu.com/security/CVE-2013-0795

Affected software / configurations for CVE-2013-0795

Vendor	Product	Version	Raw CPE
mozilla	firefox	<= 19.0.2	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	19.0	cpe:2.3:a:mozilla:firefox:19.0:::::::*
mozilla	firefox	19.0.1	cpe:2.3:a:mozilla:firefox:19.0.1:::::::*
mozilla	firefox	17.0	cpe:2.3:a:mozilla:firefox:17.0:::::::*
mozilla	firefox	17.0.1	cpe:2.3:a:mozilla:firefox:17.0.1:::::::*
mozilla	firefox	17.0.2	cpe:2.3:a:mozilla:firefox:17.0.2:::::::*
mozilla	firefox	17.0.3	cpe:2.3:a:mozilla:firefox:17.0.3:::::::*
mozilla	firefox	17.0.4	cpe:2.3:a:mozilla:firefox:17.0.4:::::::*
mozilla	thunderbird	17.0	cpe:2.3:a:mozilla:thunderbird:17.0:::::::*
mozilla	thunderbird	17.0.1	cpe:2.3:a:mozilla:thunderbird:17.0.1:::::::*
mozilla	thunderbird	17.0.2	cpe:2.3:a:mozilla:thunderbird:17.0.2:::::::*
mozilla	thunderbird	17.0.3	cpe:2.3:a:mozilla:thunderbird:17.0.3:::::::*
mozilla	thunderbird	17.0.4	cpe:2.3:a:mozilla:thunderbird:17.0.4:::::::*
mozilla	thunderbird_esr	17.0	cpe:2.3:a:mozilla:thunderbird_esr:17.0:::::::*
mozilla	thunderbird_esr	17.0.1	cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:::::::*
mozilla	thunderbird_esr	17.0.2	cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:::::::*
mozilla	thunderbird_esr	17.0.3	cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:::::::*
mozilla	thunderbird_esr	17.0.4	cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:::::::*
mozilla	seamonkey	<= 2.17	cpe:2.3:a:mozilla:seamonkey::beta4::::::*
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
mozilla	seamonkey	2.0	cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
mozilla	seamonkey	2.0.1	cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
mozilla	seamonkey	2.0.2	cpe:2.3:a:mozilla:seamonkey:2.0.2:::::::*
mozilla	seamonkey	2.0.3	cpe:2.3:a:mozilla:seamonkey:2.0.3:::::::*
mozilla	seamonkey	2.0.4	cpe:2.3:a:mozilla:seamonkey:2.0.4:::::::*
mozilla	seamonkey	2.0.5	cpe:2.3:a:mozilla:seamonkey:2.0.5:::::::*
mozilla	seamonkey	2.0.6	cpe:2.3:a:mozilla:seamonkey:2.0.6:::::::*
mozilla	seamonkey	2.0.7	cpe:2.3:a:mozilla:seamonkey:2.0.7:::::::*
mozilla	seamonkey	2.0.8	cpe:2.3:a:mozilla:seamonkey:2.0.8:::::::*
mozilla	seamonkey	2.0.9	cpe:2.3:a:mozilla:seamonkey:2.0.9:::::::*
mozilla	seamonkey	2.0.10	cpe:2.3:a:mozilla:seamonkey:2.0.10:::::::*
mozilla	seamonkey	2.0.11	cpe:2.3:a:mozilla:seamonkey:2.0.11:::::::*
mozilla	seamonkey	2.0.12	cpe:2.3:a:mozilla:seamonkey:2.0.12:::::::*
mozilla	seamonkey	2.0.13	cpe:2.3:a:mozilla:seamonkey:2.0.13:::::::*
mozilla	seamonkey	2.0.14	cpe:2.3:a:mozilla:seamonkey:2.0.14:::::::*
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:::::::*
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:alpha1::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:alpha2::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:alpha3::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:beta1::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:beta2::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:beta3::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:rc1::::::
mozilla	seamonkey	2.1	cpe:2.3:a:mozilla:seamonkey:2.1:rc2::::::
mozilla	seamonkey	2.2	cpe:2.3:a:mozilla:seamonkey:2.2:::::::*
mozilla	seamonkey	2.2	cpe:2.3:a:mozilla:seamonkey:2.2:beta1::::::
mozilla	seamonkey	2.2	cpe:2.3:a:mozilla:seamonkey:2.2:beta2::::::
mozilla	seamonkey	2.2	cpe:2.3:a:mozilla:seamonkey:2.2:beta3::::::
mozilla	seamonkey	2.3	cpe:2.3:a:mozilla:seamonkey:2.3:::::::*
mozilla	seamonkey	2.3	cpe:2.3:a:mozilla:seamonkey:2.3:beta1::::::
mozilla	seamonkey	2.3	cpe:2.3:a:mozilla:seamonkey:2.3:beta2::::::
mozilla	seamonkey	2.3	cpe:2.3:a:mozilla:seamonkey:2.3:beta3::::::
mozilla	seamonkey	2.3.1	cpe:2.3:a:mozilla:seamonkey:2.3.1:::::::*
mozilla	seamonkey	2.3.2	cpe:2.3:a:mozilla:seamonkey:2.3.2:::::::*
mozilla	seamonkey	2.3.3	cpe:2.3:a:mozilla:seamonkey:2.3.3:::::::*
mozilla	seamonkey	2.4	cpe:2.3:a:mozilla:seamonkey:2.4:::::::*
mozilla	seamonkey	2.4	cpe:2.3:a:mozilla:seamonkey:2.4:beta1::::::
mozilla	seamonkey	2.4	cpe:2.3:a:mozilla:seamonkey:2.4:beta2::::::
mozilla	seamonkey	2.4	cpe:2.3:a:mozilla:seamonkey:2.4:beta3::::::
mozilla	seamonkey	2.4.1	cpe:2.3:a:mozilla:seamonkey:2.4.1:::::::*
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:::::::*
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:beta1::::::
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:beta2::::::
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:beta3::::::
mozilla	seamonkey	2.5	cpe:2.3:a:mozilla:seamonkey:2.5:beta4::::::
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:::::::*
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:beta1::::::
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:beta2::::::
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:beta3::::::
mozilla	seamonkey	2.6	cpe:2.3:a:mozilla:seamonkey:2.6:beta4::::::
mozilla	seamonkey	2.6.1	cpe:2.3:a:mozilla:seamonkey:2.6.1:::::::*
mozilla	seamonkey	2.7	cpe:2.3:a:mozilla:seamonkey:2.7:::::::*
mozilla	seamonkey	2.7	cpe:2.3:a:mozilla:seamonkey:2.7:beta1::::::
mozilla	seamonkey	2.7	cpe:2.3:a:mozilla:seamonkey:2.7:beta2::::::

References for CVE-2013-0795

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
http://rhn.redhat.com/errata/RHSA-2013-0696.html
http://rhn.redhat.com/errata/RHSA-2013-0697.html
http://www.debian.org/security/2013/dsa-2699
http://www.mozilla.org/security/announce/2013/mfsa2013-36.html	Vendor Advisory
http://www.ubuntu.com/usn/USN-1791-1
https://bugzilla.mozilla.org/show_bug.cgi?id=825697
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16842

URL

CVE-2013-0795

Exploit prediction scoring system (EPSS) score for CVE-2013-0795

Common vulnerability scoring system (CVSS) metrics for CVE-2013-0795

Weakness enumeration for CVE-2013-0795

OS Trackers for CVE-2013-0795

Affected software / configurations for CVE-2013-0795

References for CVE-2013-0795