History: May 18, 2022 - 12:00 a.m.

ROS-20220518-01

2022-05-18 00:00:00
redos.red-soft.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 49.9%

A vulnerability in the Mozilla Firefox browser is related to improper permission management in the application.
Exploitation of the vulnerability could allow a remote attacker to create a web page that
bypasses the existing browser prompt and improperly inherits top-level permissions.

The vulnerability in the Mozilla Firefox browser involves improper protection of top-level navigation for a
sandboxed iframe whose policy is relaxed with a keyword such as
allow-top-navigation-by-user-activation. Exploitation of the vulnerability could allow
a remote attacker to bypass the sandbox restrictions applied to loaded frames.

The vulnerability in the Mozilla Firefox browser is related to the fact that browsers behave differently when loading CSS
from known resources using CSS variables. Exploitation of the vulnerability could allow
a remote attacker to observe browser behavior and guess which websites
have been visited previously and are stored in the browser's history.

A vulnerability in the Mozilla Firefox browser is related to boundary errors in HTML content processing.
Exploitation of the vulnerability could allow a remote attacker to create a specially crafted
web page, force the victim to open it, cause memory corruption, and execute arbitrary code on the target system.

A vulnerability in the Mozilla Firefox browser is related to an error in reusing existing
pop-up windows. Exploitation of the vulnerability could allow a remote attacker to trick
a victim into visiting a specially crafted website and misuse pop-up windows to
hide the full-screen notification UI, which could enable a spoofing attack on the browser.

The vulnerability in the Mozilla Firefox browser is related to the fact that requests initiated in reader mode
incorrectly pass cookies with the SameSite attribute. Exploitation of the vulnerability could allow
a remote attacker to intercept cookies with the SameSite attribute set.

OS | OS Version | Architecture | Package | Package Version | Filename
redos | 7.3 | x86_64 | firefox | <= 91.9.0-1 | UNKNOWN