CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
Vulnerability of ANGLE library in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers
is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
remotely to cause a denial of service
Vulnerability of Mozilla Firefox, Firefox ESR and Thunderbird mail client is related to errors in the
in the presentation of information by the user interface. Exploitation of the vulnerability could allow
a remote attacker to conduct spoofing attacks using full-screen notifications
Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to incorrect neutralization of special elements in the output of the browser.
neutralization of special elements in the output data used by the input component. Exploitation
vulnerability could allow a remote attacker to execute arbitrary code.
Vulnerability in the API interface of Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the following
with incorrect restriction of visualized layers or UI frames. Exploitation
of the vulnerability could allow a remote attacker to display an alertdialog on another website
Full-screen vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers
is related to incorrect restriction of visualized layers or UI frames.
Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks
The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to incorrect neutralization of special elements in the output layers or frames of the user interface.
neutralization of special elements in the output data used by the input component. Exploitation
of the vulnerability could allow an attacker acting remotely to inject arbitrary HTTP headers,
such as a Set-Cookie
Isolated iframe vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird browsers is related to a bug in the Thunderbird email client.
Thunderbird is related to bugs in security settings. Exploitation of the vulnerability could allow
an attacker acting remotely to bypass security restrictions and modify the CSP (Content Security
Policy)
Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to bugs in security settings.
security settings. Exploitation of the vulnerability could allow an attacker acting remotely,
bypass existing security restrictions using specially crafted browser prompts and dialog boxes.
dialog boxes
Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client of operating systems
Linux is related to the use of the assert() function. Exploitation of the vulnerability could allow an attacker,
acting remotely, to cause a denial of service
Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to flaws in access control.
in access differentiation. Exploitation of the vulnerability could allow an attacker acting remotely,
spoofing attacks
Vulnerability of pop-up notifications in Mozilla Firefox, Firefox ESR and Thunderbird email client is due to insufficient access control warnings.
Thunderbird is related to insufficient warning about dangerous actions. Exploitation of the vulnerability could
Allow an attacker acting remotely to grant permissions to a website
Vulnerability in Mozilla Firefox browser and Thunderbird email client is related to bounds errors during
HTML content processing. Exploitation of the vulnerability could allow an attacker acting remotely to cause memory corruption.
remotely, cause memory corruption and execute arbitrary code on the target system.
Vulnerability in the implementation of the HSTS (HTTP Strict Transport Security) mechanism in Mozilla Firefox,
Firefox ESR and Thunderbird email client are related to access control flaws. Exploitation
The exploitation of this vulnerability could allow a remote attacker to bypass protection mechanisms
Vulnerability in DevTools web development toolkit for Mozilla Firefox, Firefox ESR and Thunderbird email client is related to access control flaws.
Thunderbird email client is related to an access control flaw. Exploitation of the vulnerability
could allow an attacker acting remotely to escalate privileges.
Vulnerability in cursor mapping implementation of Mozilla Firefox, Firefox ESR and Thunderbird mail client
Thunderbird is related to incorrect restriction of rendered layers or frames. Exploitation of the vulnerability
could allow an attacker acting remotely to gain arbitrary permissions on a web site without the
user consent
A vulnerability in the Mozilla Thunderbird email client involves errors in assigning an encrypted subject
email to an arbitrary other email in the local cache. Exploitation
exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information.
information
The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding the buffer boundaries in memory.
operation outside of the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
remotely to execute arbitrary code