CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
96.5%
Mozilla Firefox interprets HTML data improperly and activates event handlers for invalid HTML elements, leading to a cross-site scripting vulnerability.
An arbitrary script may be executed on the user’s web browser.
Upgrade the Software
Mozilla has released Firefox 2.0.0.2 and 1.5.0.10 which address this vulnerability. We recommend that users of the affected products upgrade to the fixed version of the software.