4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.968 High
EPSS
Percentile
99.7%
Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim’s computer.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 39.0.3 | |
firefox esr | lt | 38.1.1 | |
firefox os | lt | 2.2 |