Arbitrary Code Execution

2020-04-1001:09:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

firefoxi s vulnerable to arbitrary code execution. The vulnerability in Sanitiser for OpenType (OTS), used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox.

CPENameOperatorVersion
xulrunnereq1.9.2.20__3.el5_7
xulrunnereq1.9.2.11__2.el5
xulrunnereq1.9.2.17__4.el6_0
xulrunnereq1.9.2.24__2.el5_7
xulrunnereq1.9.0.4__1.el5
xulrunnereq1.9.2.4__9.el5
xulrunnereq1.9.0.5__1.el5_2
xulrunnereq1.9.2.14__3.el6_0
xulrunnereq1.9.0.18__1.el5_4
xulrunnereq1.9.2.12__1.el6_0

Name	Operator	Version
xulrunner	eq	1.9.2.20__3.el5_7
xulrunner	eq	1.9.2.11__2.el5
xulrunner	eq	1.9.2.17__4.el6_0
xulrunner	eq	1.9.2.24__2.el5_7
xulrunner	eq	1.9.0.4__1.el5
xulrunner	eq	1.9.2.4__9.el5
xulrunner	eq	1.9.0.5__1.el5_2
xulrunner	eq	1.9.2.14__3.el6_0
xulrunner	eq	1.9.0.18__1.el5_4
xulrunner	eq	1.9.2.12__1.el6_0