5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
79.2%
Proxy Auto-Config (PAC) files can specify a JavaScript function called for
all URL requests with the full URL path which exposes more information than
would be sent to the proxy itself in the case of HTTPS. Normally the Proxy
Auto-Config file is specified by the user or machine owner and presumed to
be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD)
this file can be served remotely. This vulnerability affects Firefox < 51.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 51.0.1+build2-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 51.0.1+build2-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | firefox | < 51.0.1+build2-0ubuntu0.16.04.1 | UNKNOWN |
ubuntu | 16.10 | noarch | firefox | < 51.0.1+build2-0ubuntu0.16.10.1 | UNKNOWN |
ubuntu | 17.04 | noarch | firefox | < 52.0.1+build2-0ubuntu1 | UNKNOWN |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
79.2%