4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.161 Low
EPSS
Percentile
95.9%
Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.
An arbitrary script may be executed on the user’s web browser.
Upgrade the Software
Mozilla has released Firefox 2.0.0.2 and 1.5.0.10 which address this vulnerability. We recommend that users of the affected products upgrade to the fixed version of the software.