Mozilla Firefox Information Disclosure Vulnerability

Technical Severity

CVSS v3.1 Metrics

MEDIUM

6.5 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitation Likelihood

EPSS Prediction

4.74 %

Predictive Probability

Percentile Rank

89.2 th

Documented as more likely to be exploited than 89.2% of known CVEs.

Detection Date

Mar 03, 2022

Remediation Due

Mar 24, 2022

CISA Catalog Active

Threat Analysis

Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Remediation Directive

Apply updates per vendor instructions.

Asset Context

Vendor Identity

Mozilla

Affected Product

Firefox

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-119

External Intelligence

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2013-1675