ROS-20220701-02

2022-07-01 00:00:00
redos.red-soft.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.004 Low
Percentile: 71.8%

A vulnerability in the Mozilla Firefox browser is related to improper handling of the CSP sandbox header without the
"allow-scripts" parameter. Exploitation of the vulnerability could allow a remote attacker to use an iframe to
bypass the implemented CSP restriction and execute scripts if a user clicks on a javascript: link.

A vulnerability in the Mozilla Firefox browser is related to an integer overflow in the function
nsTArray_Impl::ReplaceElementsAt(). Exploitation of the vulnerability could allow a remote attacker to
get a victim to visit a specially crafted website, trigger an integer overflow, and
execute arbitrary code on the target system.

A vulnerability in the Mozilla Firefox browser is related to a boundary error in HTML content processing.
Exploitation of the vulnerability could allow a remote attacker to create a specially crafted website,
trick the victim into opening it, cause memory corruption, and execute arbitrary code on the target system.

A vulnerability in the Mozilla Firefox browser is related to improper error handling when processing an inaccessible
PAC file. Exploitation of the vulnerability could allow a remote attacker to specify the URL of the
PAC; then, if the server hosting the PAC is unavailable, OCSP requests are blocked, resulting in
incorrect error pages being displayed.

A vulnerability in the Mozilla Firefox browser is related to improper handling of the resize event of a
pop-up window. Exploitation of the vulnerability could allow a remote attacker to create a
specially crafted website that opens a resized pop-up window to overlay the
address bar with its own content and perform a spoofing attack.

A vulnerability in the Mozilla Firefox browser is related to a bug in the handling of CSS stylesheets accessible via
internal URIs such as "resource:". Exploitation of the vulnerability could allow a remote attacker
to bypass the implemented content security policy.

A vulnerability in the Mozilla Firefox browser is related to improper input validation when processing JavaScript
attributes. Exploitation of the vulnerability could allow a remote attacker to pass
unwanted attributes to a JavaScript object, carry out prototype pollution, and execute arbitrary
JavaScript in the browser.

A vulnerability in the Mozilla Firefox browser is related to a memory freeing bug in nsSHistory when processing
XML documents. Exploitation of the vulnerability could allow a remote attacker to trigger a
use-after-free error and execute arbitrary code on the system.

Affected package
OS: redos
Version: 7.3
Architecture: x86_64
Package: firefox
Version: <= 91.11.0-1
Filename: UNKNOWN
