Описание
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue Tracking
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue Tracking
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Конфигурация 2Версия до 37.0 (включая)
Одновременно
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01465
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
debian
почти 11 лет назад
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, a ...
github
больше 3 лет назад
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
EPSS
Процентиль: 81%
0.01465
Низкий
5 Medium
CVSS2
Дефекты
CWE-264