8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.3%
102.7.0-alt1 built Feb. 21, 2023 Pavel Vasenkov in task #315243
Jan. 18, 2023 Pavel Vasenkov
- New ESR version.
- Security fixes
+ CVE-2022-46871 libusrsctp library out of date
+ CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
+ CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
+ CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
+ CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
+ CVE-2022-46877 Fullscreen notification bypass
+ CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
+ CVE-2023-23605 Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.3%