10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.02 Low
EPSS
Percentile
88.8%
The Mozilla project’s family of browsers contain a design
flaw that can allow a website to spoof almost perfectly any
part of the Mozilla user interface, including spoofing web
sites for phishing or internal elements such as the “Master
Password” dialog box. This achieved by manipulating “chrome”
through remote XUL content. Recent versions of Mozilla have
been fixed to not allow untrusted documents to utilize
“chrome” in this way.