9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%
Vulnerability in Mozilla Firefox browser, related to a logic error in iframe processing. Exploitation
the vulnerability could allow an attacker acting remotely and who has the ability to
control the contents of an isolated iframe program environment , allow-popups, but not allow-scripts,
could create a link that, when clicked, would cause JavaScript to execute in violation of the isolated program environment.
programming environment
Vulnerability in Mozilla Firefox browser, due to the fact that the browser stores files in the /tmp folder, which is accessible to all local users.
all local users. Exploitation of the vulnerability could allow an attacker to read files from this folder and gain access to potentially sensitive files.
folder and gain access to potentially sensitive information
Vulnerability in Mozilla Firefox browser, related to a bug when resizing a pop-up window after a full-screen access request.
full-screen access request. Exploitation of the vulnerability could allow an attacker acting
remotely to fail to display the full-screen notification and perform a spoofing attack
Vulnerability in Mozilla Firefox browser, related to a post-release memory usage error in
HTML content processing. Exploitation of the vulnerability could allow an attacker, acting remotely,
initiate post-release usage by forcibly reformatting text in an SVG object and
executing arbitrary code on the system
Vulnerability in the Mozilla Firefox browser, related to a race condition in signature verification during installation of the
Firefox add-on. Exploitation of the vulnerability could allow an attacker acting remotely to replace the
the add-on’s base file while the user was confirming the invitation, and install a malicious add-on
on the system
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%