Vulnerability Name: | CCN-106971 | ||||||
Published: | 2015-10-05 | ||||||
Updated: | 2015-10-05 | ||||||
Summary: | Multiple browsers could allow a remote attacker to obtain information, caused by the improper use of standard HTML and JavaScript. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to invoke the windows.performance object and extract Windows performance counter frequency. This could be used to detect if the user's browser is running on a virtual machine. | ||||||
CVSS v3 Severity: | 4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) 3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||
CVSS v2 Severity: | 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
| ||||||
Vulnerability Consequences: | Obtain Information | ||||||
References: | Source: CCN Type: Microsoft Web site Internet Explorer Source: CCN Type: Mozilla Web site Firefox - Rediscover the web Source: CCN Type: Security Galore Web site Web-based virtual machine detection using the HTML5 Performance object Source: XF Type: UNKNOWN multiple-browsers-html5-info-disc(106971) | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |