CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
79.5%
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | 4.0 | cpe:/a:mozilla:firefox:4.0:beta6:: |
mozilla | firefox | 6.0.1 | cpe:/a:mozilla:firefox:6.0.1::: |
mozilla | firefox | 4.0 | cpe:/a:mozilla:firefox:4.0:beta4:: |
mozilla | firefox | 4.0 | cpe:/a:mozilla:firefox:4.0:beta12:: |
mozilla | firefox | 4.0 | cpe:/a:mozilla:firefox:4.0:beta11:: |
mozilla | firefox | 4.0 | cpe:/a:mozilla:firefox:4.0:beta5:: |
mozilla | firefox | 6.0.2 | cpe:/a:mozilla:firefox:6.0.2::: |
mozilla | firefox | 4.0 | cpe:/a:mozilla:firefox:4.0:beta2:: |
mozilla | firefox | 4.0 | cpe:/a:mozilla:firefox:4.0:beta10:: |
mozilla | firefox | 7.0 | cpe:/a:mozilla:firefox:7.0::: |