5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.961 High
EPSS
Percentile
99.5%
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative’s Pwn2Own contest, that documents loaded though a resource: URL, such as Mozilla’s PDF.js PDF file viewer, were able to subsequently load privileged chrome pages. The privilege restrictions on resource: URLs was handled incorrectly and these restrictions could be bypassed if this flaw was combined with a separate vulnerability allowing for same-origin policy violation, it could be used to run arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 37 | |
firefox esr | lt | 31.6 | |
firefox os | lt | 2.2 | |
seamonkey | lt | 2.35 | |
thunderbird | lt | 31.6 |