6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
90.9%
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before
1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows
remote attackers to execute arbitrary JavaScript as the user via an HTML
mail message with a javascript: URI in an (1) img, (2) link, or (3) style
tag, which bypasses the access checks and executes code with chrome
privileges.