Lucene search

K
mozillaMozilla FoundationMFSA2012-89
HistoryOct 11, 2012 - 12:00 a.m.

defaultValue security checks not applied — Mozilla

2012-10-1100:00:00
Mozilla Foundation
www.mozilla.org
22

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.084

Percentile

94.4%

Mozilla security researcher moz_bug_r_a4 reported a regression where security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object. In versions 15 and earlier of affected products, there was also the potential for arbitrary code execution.

Affected configurations

Vulners
Node
mozillafirefoxRange<16.0.1
OR
mozillafirefox_esrRange<10.0.9
OR
mozillaseamonkeyRange<2.13.1
OR
mozillathunderbirdRange<16.0.1
OR
mozillathunderbird_esrRange<10.0.9

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.084

Percentile

94.4%