Confirmed users
561
edits
Security Severity Ratings/Client: Difference between revisions
Jump to navigation
Jump to search
Security Severity Ratings/Client (view source)
Revision as of 18:04, 10 October 2023
, 10 October 2023Added csectype-framepoisoning, csectype-nullptr, csectype-race, csectype-sidechannel, csectype-spoof. Removed csectype-ui-redress.
(Add csectype-sandbox-escape) |
Amccreight (talk | contribs) (Added csectype-framepoisoning, csectype-nullptr, csectype-race, csectype-sidechannel, csectype-spoof. Removed csectype-ui-redress.) |
||
| Line 139: | Line 139: | ||
|- | |- | ||
|csectype-dos || Used to tag client Denial of Service bugs. For web server denial of service bugs please use wsec-dos as these tend to be more severe. | |csectype-dos || Used to tag client Denial of Service bugs. For web server denial of service bugs please use wsec-dos as these tend to be more severe. | ||
|- | |||
|csectype-framepoisoning || client security issues prevented using layout's frame poisoning, which usually lowers the severity. | |||
|- | |- | ||
|csectype-intoverflow || client security issues due to integer overflow | |csectype-intoverflow || client security issues due to integer overflow | ||
|- | |- | ||
|csectype-jit || client security issues due to | |csectype-jit || client security issues due to JIT miscompilation or similar | ||
|- | |||
|csectype-nullptr || client security issue arising from a null pointer being treated as a valid pointer | |||
|- | |- | ||
|csectype-oom || A client crash or hang that occurs in Out Of Memory conditions | |csectype-oom || A client crash or hang that occurs in Out Of Memory conditions | ||
| Line 148: | Line 152: | ||
|csectype-other || client security issues that don't fit into other categories | |csectype-other || client security issues that don't fit into other categories | ||
|- | |- | ||
|csectype-priv-escalation || client privilege escalation security issues | |csectype-priv-escalation || client privilege escalation security issues | ||
|- | |||
|csectype-race || client security issue arising from the interaction of multiple threads | |||
|- | |||
|csectype-sandbox-escape || A content process can cause memory corruption or arbitrary/JS code execution in any other process through malformed or tricky IPC messages or Shared Memory | |||
|- | |- | ||
|csectype- | |csectype-sidechannel || client security issue arising from information about a computation being exposed through an external measurement such as time or power | ||
|- | |- | ||
|csectype-sop || violations of the client Same Origin Policy (Universal-XSS bugs, for example). | |csectype-sop || violations of the client Same Origin Policy (Universal-XSS bugs, for example). | ||
|- | |||
|csectype-spoof || client security issue from fooling the user into taking the wrong action by presenting incorrect UI | |||
|- | |- | ||
|csectype-uaf || client security issues due to a use-after-free | |csectype-uaf || client security issues due to a use-after-free | ||
|- | |- | ||
|csectype-undefined || Bugs--or potential bugs--due to undefined compiler behavior. | |csectype-undefined || Bugs--or potential bugs--due to undefined compiler behavior. | ||