4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.951 High
EPSS
Percentile
99.3%
Mozilla researcher moz_bug_r_a4 reported that a flaw was introduced by the fix for MFSA 2007-20 that could enable privilege escalation attacks against addons that create βabout:blankβ windows and populate them in certain ways (including implicit βabout:blankβ document creation through data: or javascript: URLs in a new window).
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 2.0.0.6 | |
seamonkey | lt | 1.1.4 | |
thunderbird | lt | 1.5.0.13 | |
thunderbird | lt | 2.0.0.6 |