Remote Code Execution (RCE)

2022-01-1405:55:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

JSON

firefox is vulnerable to remote code execution. The vulnerability exists due to a memory corruption allowing an attacker to execute maliciously scripted code.

CPENameOperatorVersion
firefoxeq68.2.0__1.el7.centos
firefoxeq38.0__3.ael7b_1
firefoxeq78.6.0__1.el8_3
firefoxeq60.7.0__1.el7.centos
firefoxeq78.6.0__1.el7.centos
firefoxeq91.3.0__1.el8_4
firefoxeq38.1.1__1.ael7b_1
firefoxeq78.2.0__2.el8_2
firefoxeq91.4.0__1.el7.centos
firefoxeq60.2.0__1.el7.centos

Name	Operator	Version
firefox	eq	68.2.0__1.el7.centos
firefox	eq	38.0__3.ael7b_1
firefox	eq	78.6.0__1.el8_3
firefox	eq	60.7.0__1.el7.centos
firefox	eq	78.6.0__1.el7.centos
firefox	eq	91.3.0__1.el8_4
firefox	eq	38.1.1__1.ael7b_1
firefox	eq	78.2.0__2.el8_2
firefox	eq	91.4.0__1.el7.centos
firefox	eq	60.2.0__1.el7.centos