CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
97.3%
Mozilla Firefox before 37.0 relies on docshell type information instead of
page principal information for Window.webidl access control, which might
allow remote attackers to execute arbitrary JavaScript code with chrome
privileges via certain content navigation that leverages the reachability
of a privileged window with an unintended persistence of access to
restricted internal methods.