CCE-94532-9| Platform: cpe:/a:mozilla:firefox_rpm | Date: (C)2021-06-15 (M)2023-07-04 |
The default action for file types for which a plugin is installed is to automatically download and execute the file using the associated plugin. Firefox allows you to change the specified download action so that the file is opened with a selected external application or saved to disk instead. View the list of installed browser plugins and related MIME types by entering about:plugins in the address bar
Parameter:
[hta,jse,js,mocha,shs,vbe,vbs,sct,wsc]
Technical Mechanism:
Remove any unauthorized extensions from the autodownload list.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.5 | Attack Vector: NETWORK |
| Exploit Score: 3.9 | Attack Complexity: LOW |
| Impact Score: 3.6 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Scope: UNCHANGED |
| | Confidentiality: NONE |
| | Integrity: NONE |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:60303 |
