9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.02 Low
EPSS
Percentile
87.1%
Oct. 23, 2018 Andrey Cherepanov 60.3.0-alt1
- New ESR version (60.3.0).
- Fixed:
+ CVE-2018-12391 HTTP Live Stream audio data is accessible cross-origin
+ CVE-2018-12392 Crash with nested event loops
+ CVE-2018-12393 Integer overflow during Unicode conversion while loading JavaScript
+ CVE-2018-12395 WebExtension bypass of domain restrictions through header rewriting
+ CVE-2018-12396 WebExtension content scripts can execute in disallowed contexts
+ CVE-2018-12397 WebExtension can request access to local files without the warning prompt
+ CVE-2018-12389 Memory safety bugs fixed in Firefox ESR 60.3
+ CVE-2018-12390 Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.02 Low
EPSS
Percentile
87.1%