CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
71.5%
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not
restrict a touch event to a single IFRAME element, which allows remote
attackers to obtain sensitive information or possibly conduct cross-site
scripting (XSS) attacks via a crafted HTML document.
Author | Note |
---|---|
jdstrand | Android only |