CVE-2013-5611

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

Published: 2013-12-11 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2013-5611 is rated Moderate Risk (51.5/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.14%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2013-5611

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.65% 2.14% +0.49%
2 2026-06-14 1.19% 1.65% +0.46%
3 2025-11-27 1.19%

Full EPSS history (11 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-5611

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.6 4.9 [email protected]

Weakness enumeration for CVE-2013-5611

OS Trackers for CVE-2013-5611

vendor priority summary link
redhat medium https://access.redhat.com/security/cve/CVE-2013-5611
suse medium CVE-2013-5611 severity moderate: SUSE including 66 source package names (MozillaFirefox-140.2.0-160000.1.2, MozillaFirefox-24.2.0esr-0.7.1, …), 122 product×package rows across 31 product lines (SUSE Linux Enterprise Desktop 11 SP3, SUSE Linux Enterprise Desktop 12, … (31 product lines)): Fixed 108, Known Not Affected 14. https://www.suse.com/security/cve/CVE-2013-5611/
ubuntu low CVE-2013-5611 low priority: Ubuntu including 1 source packages (firefox), 6 status rows across 6 suites (lucid, precise, quantal, raring, saucy, upstream): released 5, ignored 1. https://ubuntu.com/security/CVE-2013-5611

Affected software / configurations for CVE-2013-5611

Vendor Product Version Raw CPE
oracle solaris 11.3 cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
fedoraproject fedora 19 cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
fedoraproject fedora 20 cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
canonical ubuntu_linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 12.10 cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
canonical ubuntu_linux 13.04 cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
canonical ubuntu_linux 13.10 cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
suse linux_enterprise_desktop 11 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
suse linux_enterprise_software_development_kit 11 cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
opensuse opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuse_project opensuse 11.4 cpe:2.3:o:opensuse_project:opensuse:11.4:*:*:*:*:*:*:*
opensuse_project opensuse 12.3 cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*
mozilla firefox <= 25.0.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla firefox 0.1 cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
mozilla firefox 0.2 cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
mozilla firefox 0.3 cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
mozilla firefox 0.4 cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
mozilla firefox 0.5 cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
mozilla firefox 0.6 cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
mozilla firefox 0.6.1 cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
mozilla firefox 0.7 cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
mozilla firefox 0.7.1 cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
mozilla firefox 0.8 cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
mozilla firefox 0.9 cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
mozilla firefox 0.9 cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
mozilla firefox 0.9.1 cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
mozilla firefox 0.9.2 cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
mozilla firefox 0.9.3 cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
mozilla firefox 0.10 cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
mozilla firefox 0.10.1 cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
mozilla firefox 1.0 cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
mozilla firefox 1.0 cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
mozilla firefox 1.0.1 cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
mozilla firefox 1.0.2 cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
mozilla firefox 1.0.3 cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
mozilla firefox 1.0.4 cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
mozilla firefox 1.0.5 cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
mozilla firefox 1.0.6 cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
mozilla firefox 1.0.7 cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
mozilla firefox 1.0.8 cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
mozilla firefox 1.5 cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
mozilla firefox 1.5 cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
mozilla firefox 1.5 cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
mozilla firefox 1.5.0.1 cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
mozilla firefox 1.5.0.2 cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
mozilla firefox 1.5.0.3 cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
mozilla firefox 1.5.0.4 cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
mozilla firefox 1.5.0.5 cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
mozilla firefox 1.5.0.6 cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
mozilla firefox 1.5.0.7 cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
mozilla firefox 1.5.0.8 cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
mozilla firefox 1.5.0.9 cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
mozilla firefox 1.5.0.10 cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
mozilla firefox 1.5.0.11 cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
mozilla firefox 1.5.0.12 cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
mozilla firefox 1.5.1 cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
mozilla firefox 1.5.2 cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
mozilla firefox 1.5.3 cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
mozilla firefox 1.5.4 cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
mozilla firefox 1.5.5 cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
mozilla firefox 1.5.6 cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
mozilla firefox 1.5.7 cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
mozilla firefox 1.5.8 cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
mozilla firefox 2.0 cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
mozilla firefox 2.0.0.1 cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
mozilla firefox 2.0.0.2 cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
mozilla firefox 2.0.0.3 cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
mozilla firefox 2.0.0.4 cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
mozilla firefox 2.0.0.5 cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
mozilla firefox 2.0.0.6 cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
mozilla firefox 2.0.0.7 cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
mozilla firefox 2.0.0.8 cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
mozilla firefox 2.0.0.9 cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
mozilla firefox 2.0.0.10 cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
mozilla firefox 2.0.0.11 cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
mozilla firefox 2.0.0.12 cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
mozilla firefox 2.0.0.13 cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
mozilla firefox 2.0.0.14 cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*

References for CVE-2013-5611

URL Tags
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-105.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory
http://www.securitytracker.com/id/1029470
http://www.ubuntu.com/usn/USN-2052-1 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=771294 Issue Tracking
cvelogic Threat Intelligence