Ps Project Management Team » Unity-firefox-extension : Security Vulnerabilities, CVEs, CVSS score >= 2
Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request.
Max CVSS
7.5
EPSS Score
5.20%
Published
2012-11-24
Updated
2017-08-29
content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.
Max CVSS
4.3
EPSS Score
0.18%
Published
2012-12-26
Updated
2013-01-11
2 vulnerabilities found