CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
86.9%
Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of
service (heap corruption and application crash) or possibly execute
arbitrary code by triggering an error condition during certain Iframe
operations between a JSframe write and a JSframe close, as demonstrated by
an error in loading an empty Java applet defined by a ‘src=“javascript:”’
sequence.
Author | Note |
---|---|
jdstrand | firefox 3 not affected. seems a simple DoS, but will elevate if evidence of ability to execute code |
mdeslaur | upstream couldn’t reproduce, ignoring. |