RedosROS-20220412-02ROS-20220412-02
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
71.8%
Vulnerability in Mozilla Firefox browser, due to the fact that regex for Rust does not control properly
internal resource consumption when parsing unreliable input data. Exploitation
of the vulnerability could allow a remote attacker to pass specially crafted data to an application and perform a “spoofing” attack.
to an application and execute a ReDoS attack with regular expressions.
Vulnerability in Mozilla Firefox browser, related to a memory release error in object processing
NSSToken. Exploitation of the vulnerability could allow an attacker acting remotely to create a customized
customized web page, trick the victim into opening it, cause a usage error upon
release and execute arbitrary code on the system
Vulnerability in the Mozilla Firefox browser, related to a boundary error when processing an unexpected number of
WebAuthN extensions in the Register command. Exploitation of the vulnerability could allow an attacker acting
remotely, create a specially crafted web page, trick the victim into opening it, perform a
out-of-bounds writing and execute arbitrary code on the system
The vulnerability in the Mozilla Firefox browser, is related to the fact that iframe content can be displayed outside of
outside of its boundaries. Exploitation of the vulnerability could allow an attacker acting remotely,
spoof the content of a page
Vulnerability in Mozilla Firefox browser, related to a boundary error in HTML content processing.
Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted
web page, trick the victim into opening it, cause memory corruption, and execute arbitrary
code on the target system
A vulnerability in the Mozilla Firefox browser, related to the use of an invalid aliasSet when creating the
assembly code for MLoadTypedArrayElementHole. Exploitation of the vulnerability could allow an attacker,
acting remotely, to abuse this along with other vulnerabilities to perform reads outside the
boundaries
Vulnerability in the Mozilla Firefox browser, related to a memory freeing error when processing links
rel=“localization”. Exploitation of the vulnerability could allow an attacker acting remotely to create a
a specially crafted web page, trick the victim into opening it, raise a usage error upon release, and execute an arbitrary web page.
upon release, and execute arbitrary code on the system
Vulnerability in the Mozilla Firefox browser, related to a memory release error when processing
HTML content after the VR process is destroyed. Exploitation of the vulnerability could allow an attacker,
acting remotely, create a specially crafted web page, trick the victim into opening it,
cause a usage error upon release, and execute arbitrary code on the system
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
71.8%