History: Jan 14, 2022 - 12:00 a.m.

ROS-20220114-01

2022-01-14 00:00:00
redos.red-soft.ru
40

CVSS3: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.002
Percentile: 53.8%

Vulnerability in the Firefox browser related to incorrect processing of user data.
Exploitation of the vulnerability could allow an attacker acting remotely to mislead the user
by showing an incorrect origin when requesting to run a program and processing an external URL protocol.

Vulnerability in the Firefox browser related to a heap buffer overflow in
blendGaussianBlur when applying a CSS filter. Exploitation of the vulnerability could allow an attacker
acting remotely to cause a heap buffer overflow and execute arbitrary code on the target system.

Vulnerability in the Firefox browser related to incorrect restriction of rendered layers
or UI frames due to a race condition when reportValidity is invoked. Exploitation of the
vulnerability could allow an attacker acting remotely to bypass the full-screen notification and
conduct a spoofing attack.

Vulnerability in the Firefox browser related to securitypolicyviolation events
leaking information. Exploitation of the vulnerability could allow an attacker acting remotely
to gain access to potentially sensitive information.

Vulnerability in the Firefox browser related to an out-of-bounds write when pasting
text in edit mode. Exploitation of the vulnerability could allow an attacker acting
remotely to initiate an unauthorized write and execute arbitrary code on the target system.

Vulnerability in the Firefox browser related to bypassing security restrictions in the
iframe sandbox implementation when processing XSLT markup. Exploitation of the vulnerability could allow
a remote attacker to bypass the iframe sandbox and execute
arbitrary JavaScript code in the context of an arbitrary window.

Vulnerability in the Firefox browser related to a use-after-free
in ChannelEventQueue::mOwner when releasing a network request descriptor. Exploitation of the vulnerability could
allow an attacker acting remotely to trigger a use-after-free error and execute
arbitrary code on the system.

Vulnerability in the Firefox browser related to incorrect restriction of rendered layers
or UI frames due to a bug in resizing a popup window when requesting
full-screen access. Exploitation of the vulnerability could allow an attacker acting remotely
to prevent the browser from exiting full-screen mode and conduct a spoofing attack.

Vulnerability in the Firefox browser related to a use-after-free
due to a race condition when playing audio files. Exploitation of the vulnerability could allow
an attacker acting remotely to create a specially crafted audio shell, trigger a
use-after-free error and execute arbitrary code on the system.

Vulnerability in the Firefox browser involving the execution of arbitrary commands on the target
system due to improper input validation in the DevTools function. Exploitation of the vulnerability could allow
an attacker acting remotely to execute arbitrary commands on a system if copied data
is pasted into a PowerShell command line.

Vulnerability in the Firefox browser related to bypassing security restrictions.
Exploitation of the vulnerability could allow an attacker acting remotely to trick
users into accepting the launch of a program to process an external URL protocol.

Vulnerability in the Firefox browser related to incorrect restriction of rendered layers
or UI frames due to an error when navigating within an iframe when requesting
full-screen access. Exploitation of the vulnerability could allow an attacker acting remotely
to prevent the browser from exiting full-screen mode and conduct a spoofing attack.

Vulnerability in the Firefox browser related to improper validation of an empty
pkcs7 sequence passed as part of certificate data. Exploitation of the vulnerability could
allow an attacker acting remotely to pass a specially crafted certificate to the application and
perform a denial-of-service (DoS) attack.

OS     Version  Architecture  Package  Version      Filename
redos  7.3      x86_64        firefox  < 91.5.0-1   UNKNOWN
