4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
71.3%
Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 15 | |
firefox esr | lt | 10.0.8 | |
seamonkey | lt | 2.12 | |
thunderbird | lt | 15 | |
thunderbird esr | lt | 10.0.8 |