5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.01 Low
EPSS
Percentile
84.1%
Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly
implement the sandbox attribute of the IFRAME element, which allows remote
attackers to bypass intended restrictions on same-origin content via a
crafted web site in conjunction with a redirect.