CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
89.4%
Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user’s browser. This behavior could be used twice in succession to first load a privileged chrome: URL in a victim’s browser, then load a malicious javascript: URL on top of the same document resulting in arbitrary script execution with chrome privileges.