6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
34.0%
If the ALT and “a” keys are pressed when users receive an extension
installation prompt, the extension will be installed without the install
prompt delay that keeps the prompt visible in order for users to accept or
decline the installation. A malicious web page could use this with spoofing
on the page to trick users into installing a malicious extension. This
vulnerability affects Firefox < 67.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 67.0+build2-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 18.10 | noarch | firefox | < 67.0+build2-0ubuntu0.18.10.1 | UNKNOWN |
ubuntu | 19.04 | noarch | firefox | < 67.0+build2-0ubuntu0.19.04.1 | UNKNOWN |
ubuntu | 19.10 | noarch | firefox | < 67.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 67.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 20.10 | noarch | firefox | < 67.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | < 67.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | < 67.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 67.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | firefox | < 67.0+build2-0ubuntu1 | UNKNOWN |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
34.0%