6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.084 Low
EPSS
Percentile
94.4%
Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 16.0.1 | |
firefox esr | lt | 10.0.9 | |
seamonkey | lt | 2.13.1 | |
thunderbird | lt | 16.0.1 | |
thunderbird esr | lt | 10.0.9 |