9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.015 Low
EPSS
Percentile
87.0%
Security researchers Nicolas Grégoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 10 | |
firefox | lt | 3.6.26 | |
seamonkey | lt | 2.7 | |
thunderbird | lt | 10 | |
thunderbird | lt | 3.1.18 |