9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
85.3%
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox
before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7,
does not properly handle the discarding of image data during function
execution, which allows remote attackers to execute arbitrary code by
triggering prolonged image scaling, as demonstrated by scaling of a
high-quality image.