9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
Mozilla Project reports:
Firefox user zbyte reported a crash that we determined could result
in an exploitable memory corruption problem. In certain cases after a
return from a native function, such as escape(), the Just-in-Time
(JIT) compiler could get into a corrupt state. This could be exploited
by an attacker to run arbitrary code such as installing malware.
This vulnerability does not affect earlier versions of Firefox
which do not support the JIT feature.