CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.026 Low
Percentile: 90.3%

Mozilla security researcher moz_bug_r_a4 reported an arbitrary code execution attack using a javascript: URL. The Gecko engine features a JavaScript sandbox utility that allows the browser or add-ons to safely execute script in the context of a web page. In certain cases, javascript: URLs are executed in such a sandbox with insufficient context, which can allow those scripts to escape from the sandbox and run with elevated privilege. This can lead to arbitrary code execution.

CPE

| Name | Operator | Version |
|---|---|---|
| firefox | lt | 14 |
| firefox esr | lt | 10.0.6 |
| seamonkey | lt | 2.11 |
| thunderbird | lt | 14 |
| thunderbird esr | lt | 10.0.6 |