6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.3%
Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, calls to history.forward and history.back are used to navigate to a site while displaying the previous site in the addressbar but changing the baseURI to the newer site. This can be used for phishing by allowing the user to input form or other data on the newer, attacking, site while appearing to be on the older, displayed site.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 14 | |
firefox esr | lt | 10.0.6 | |
seamonkey | lt | 2.11 | |
thunderbird | lt | 14 | |
thunderbird esr | lt | 10.0.6 |