Information Disclosure

2021-01-2719:32:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

firefox is vulnerable to information disclosure. The vulnerability exists by combining the slipstream research combined with a malicious webpage could have exposed both an internal network’s hosts as well as services running on the user’s local machine.

CPENameOperatorVersion
firefox:sideq83.0-1
firefox:sideq81.0-2
firefox:sideq82.0.3-1
firefox:bioniceq83.0+build2-0ubuntu0.18.04.2
firefox:bioniceq80.0+build2-0ubuntu0.18.04.1
firefox:bioniceq80.0.1+build1-0ubuntu0.18.04.1
firefox:bioniceq59.0.2+build1-0ubuntu1
firefox:focaleq80.0.1+build1-0ubuntu0.20.04.1
firefox:focaleq83.0+build2-0ubuntu0.20.04.1
firefox:focaleq80.0+build2-0ubuntu0.20.04.1

Name	Operator	Version
firefox:sid	eq	83.0-1
firefox:sid	eq	81.0-2
firefox:sid	eq	82.0.3-1
firefox:bionic	eq	83.0+build2-0ubuntu0.18.04.2
firefox:bionic	eq	80.0+build2-0ubuntu0.18.04.1
firefox:bionic	eq	80.0.1+build1-0ubuntu0.18.04.1
firefox:bionic	eq	59.0.2+build1-0ubuntu1
firefox:focal	eq	80.0.1+build1-0ubuntu0.20.04.1
firefox:focal	eq	83.0+build2-0ubuntu0.20.04.1
firefox:focal	eq	80.0+build2-0ubuntu0.20.04.1