History: Feb 10, 2022 - 12:00 a.m.

ROS-20220210-01

2022-02-10 00:00:00
redos.red-soft.ru

CVSS3: 9.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 52.6%

A vulnerability in the Mozilla Thunderbird email client and Firefox browser is related to incorrect handling of extension updates. Exploitation of the vulnerability could allow a remote attacker to trick the victim into installing a particular type of browser extension and, during automatic updates, bypass the prompt that grants the new version its newly requested permissions.

A vulnerability in the Mozilla Thunderbird email client and Firefox browser is related to the fact that the Content Security Policy directive for ancestor frames was not applied to extension frame pages. Exploitation of the vulnerability could allow a remote attacker to perform unauthorized actions.

A vulnerability in the Mozilla Thunderbird email client and Firefox browser is related to how the browser displays error messages in responses from different sources when importing resources using Web Workers. Exploitation of the vulnerability could allow a remote attacker to distinguish between application/javascript responses and responses that are not scripts, and learn information from other sources.

A vulnerability in the Mozilla Thunderbird email client and Firefox browser is related to a bounds error in processing HTML content. Exploitation of the vulnerability could allow a remote attacker to create a specially crafted website, trick the victim into opening it, corrupt memory, and execute arbitrary code on the target system.

A vulnerability in the Mozilla Thunderbird email client and Firefox browser is related to how the browser handles iframes. Exploitation of the vulnerability could allow a remote attacker to create an isolated (sandboxed) iframe without allow-scripts and then add to the iframe document an element that, for example, had a JavaScript event handler; the event handler would be triggered despite the iframe's isolated environment.

A vulnerability in the Mozilla Thunderbird email client and Firefox browser is related to the browser's inability to correctly identify a malicious file during drag-and-drop operations. Exploitation of the vulnerability could allow a remote attacker to trick the victim into dragging an image to the desktop or another folder and convert the resulting object into an executable script that will be executed after the user clicks on it.

OS      Version   Architecture   Package   Version        Filename
redos   7.3       x86_64         firefox   <= 91.6.0-1    UNKNOWN