6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
39.9%
firefox-esr is vulnerable to Path Traversal. The vulnerability arises when choosing ‘Save Link As,’ and suggested filenames containing environment variable names are resolved within the context of the current user. This can lead to unauthorized access to files and directories outside of the intended directory. This bug only affects Firefox and Thunderbird on Windows