Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:33635
HistoryJan 14, 2022 - 5:54 a.m.

Command Injection

2022-01-1405:54:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

firefox is vulnerable to command injection. The vulnerability exists due to the lack of throttling on external protocol launch dialog allowing an attacker to trick users into accepting launching a program to handle an external URL protocol.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N