7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.4%
Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary
JavaScript in the context of the browser’s session with an arbitrary
intranet web server, by hosting script on an Internet web server that can
be made inaccessible by the attacker and that has a domain name under the
attacker’s control, which can force the browser to drop DNS pinning and
perform a new DNS query for the domain name after the script is already
running.