6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Mozilla Firefox, an open source web browser from the Mozilla Foundation, is vulnerable to an input validation error that results from a request initiated in reader mode that does not properly omit cookies with the SameSite attribute. An attacker could use this vulnerability to elevate privileges to execute arbitrary code on the system or cause the browser to crash.
CPE | Name | Operator | Version |
---|---|---|---|
mozilla thunderbird | lt | 91.9 | |
mozilla firefox esr | lt | 91.9 | |
mozilla firefox | lt | 100.0 |