4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
83.0%
Gerry Eisenhaur reported the chrome: URI scheme improperly allowed directory traversal that could be used to load JavaScript, images, and stylesheets from local files in known locations. This traversal was possible only when the browser had installed add-ons which used “flat” packaging rather than the more popular .jar packaging, and the attacker would need to target that specific add-on.