Privilege Escalation

2023-08-0612:06:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

firefox

thunderbird

privilege escalation

malicious website

popup notification

user's files

attacker

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

firefox and thunderbird are vulnerable to Privilege Escalation. An attacker could exploit this vulnerability by creating a malicious website that would show a popup notification asking for permission to access the user’s files. If the user clicked on the notification, the permission would be granted, even if the notification was displayed for a very short period of time. The attacker could then use the permission to access the user’s files.

CPENameOperatorVersion
firefox-esr:sideq78.8.0esr-1
firefox-esr:sideq78.5.0esr-1
thunderbird:sideq1:78.5.0-1
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1
firefox-esr:bullseyeeq78.5.0esr-1
firefox-esr:sideq78.8.0esr-1
firefox-esr:sideq78.5.0esr-1
thunderbird:sideq1:78.5.0-1

Name	Operator	Version
firefox-esr:sid	eq	78.8.0esr-1
firefox-esr:sid	eq	78.5.0esr-1
thunderbird:sid	eq	1:78.5.0-1
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1
firefox-esr:bullseye	eq	78.5.0esr-1
firefox-esr:sid	eq	78.8.0esr-1
firefox-esr:sid	eq	78.5.0esr-1
thunderbird:sid	eq	1:78.5.0-1