10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
68.2%
91.3.0-alt1 built Nov. 9, 2021 Andrey Cherepanov in task #288753
Nov. 2, 2021 Andrey Cherepanov
- New ESR version.
- Security fixes:
+ CVE-2021-38503 iframe sandbox rules did not apply to XSLT stylesheets
+ CVE-2021-38504 Use-after-free in file picker dialog
+ CVE-2021-38505 Windows 10 Cloud Clipboard may have recorded sensitive user data
+ CVE-2021-38506 Firefox could be coaxed into going into fullscreen mode without notification or warning
+ CVE-2021-38507 Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
+ CVE-2021-38508 Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
+ CVE-2021-38509 Javascript alert box could have been spoofed onto an arbitrary domain
+ CVE-2021-38510 Download Protections were bypassed by .inetloc files on Mac OS
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
68.2%