6.5 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.011 Low
EPSS
Percentile
84.3%
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
CPE | Name | Operator | Version |
---|---|---|---|
chrome | le | 18.0.1025.166 | |
firefox | le | 37.0.2 | |
firefox_esr | le | 31.6 | |
seamonkey | le | 2.33.0 | |
thunderbird | le | 31.6 | |
thunderbird | le | 38.0 | |
opensuse | eq | 13.1 | |
opensuse | eq | 13.2 |
lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
lists.opensuse.org/opensuse-updates/2015-05/msg00036.html
osvdb.org/81645
rhn.redhat.com/errata/RHSA-2015-1012.html
secunia.com/advisories/48992
www.debian.org/security/2015/dsa-3260
www.mozilla.org/security/announce/2015/mfsa2015-57.html
www.securityfocus.com/bid/53309
www.securitytracker.com/id?1027001
bugzilla.mozilla.org/show_bug.cgi?id=1087565
code.google.com/p/chromium/issues/detail?id=117627
exchange.xforce.ibmcloud.com/vulnerabilities/75271
googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14964
www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/