4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.2%
Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier (URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-origin policy, allowing for cross-site scripting (XSS) or the installation of malicious add-ons from third-party pages.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 23 | |
firefox esr | lt | 17.0.8 | |
seamonkey | lt | 2.20 | |
thunderbird | lt | 17.0.8 | |
thunderbird esr | lt | 17.0.8 |