CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
84.7%
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
opensuse | opensuse | 13.2 | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
code.google.com/p/chromium/issues/detail?id=117627
googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html
lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
lists.opensuse.org/opensuse-updates/2015-05/msg00036.html
osvdb.org/81645
rhn.redhat.com/errata/RHSA-2015-1012.html
secunia.com/advisories/48992
www.debian.org/security/2015/dsa-3260
www.mozilla.org/security/announce/2015/mfsa2015-57.html
www.securityfocus.com/bid/53309
www.securitytracker.com/id?1027001
bugzilla.mozilla.org/show_bug.cgi?id=1087565
exchange.xforce.ibmcloud.com/vulnerabilities/75271
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14964
www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7