9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.026 Low
EPSS
Percentile
90.3%
Mozilla developer Olli Pettay discovered that the AutoWrapperChanger class fails to keep some javascript objects alive during garbage collection. This can lead to an exploitable crash allowing for arbitrary code execution.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 18 | |
firefox esr | lt | 17.0.2 | |
seamonkey | lt | 2.15 | |
thunderbird | lt | 17.0.2 | |
thunderbird esr | lt | 17.0.2 |