CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
88.0%
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox
before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7,
does not properly handle the discarding of image data during function
execution, which allows remote attackers to execute arbitrary code by
triggering prolonged image scaling, as demonstrated by scaling of a
high-quality image.