CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
91.1%
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before
1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows
remote attackers to execute arbitrary JavaScript as the user via an HTML
mail message with a javascript: URI in an (1) img, (2) link, or (3) style
tag, which bypasses the access checks and executes code with chrome
privileges.