When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a…
mozilla·CWE-1021·Published 2019-02-28
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64.
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64.
Cuando la página about:feeds de la previsualización de feeds RSS se enmarca dentro de otra página, puede utilizarse en conjunto con contenido programado para llevar a cabo un ataque de secuestro de clics que confunde a los usuarios para que descarguen y ejecuten un archivo ejecutable desde un directorio temporal. *Nota: Esto solo afecta a sistemas operativos Windows. Los otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a las versiones anteriores a la 64 de Firefox.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| 3.0 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |