(updated description and examples for 'sec-other') |
No edit summary |
||
Line 27: | Line 27: | ||
|- | |- | ||
| | | | ||
* Memory Safety issues, unless constrained e.g. by OOM conditions | |||
* Theft of arbitrary files from local system | * Theft of arbitrary files from local system | ||
* | * Domain spoofing that affects the actual URL bar or prevents it from appearing; excluding fullscreen techniques | ||
* JavaScript injection into browser chrome or other origins | * JavaScript injection into browser chrome or other origins | ||
* Failure to use TLS where needed to ensure confidential/security | * Failure to use TLS where needed to ensure confidential/security | ||
* Sandbox escapes | * Sandbox escapes | ||
* Proxy bypass | * Proxy bypass | ||
* Disclosure of browsing history | * Disclosure of detailed browsing history | ||
* Launching of arbitrary local application with provided arguments | * Launching of arbitrary local application with provided arguments | ||
* Installation & execution of plugins/modules with chrome/native privileges, without user consent or via user dialog fatigue | * Installation & execution of plugins/modules with chrome/native privileges, without user consent or via user dialog fatigue | ||
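Review bot: The old first bullet, "Memory Safety issues, unless constrained e.g. by OOM conditions", is dropped from this list, and the only memory safety bullet the revision adds elsewhere covers the OOM-caused case. If ordinary memory safety issues are rated in a different list, say so in the edit summary; otherwise keep a plain "Memory Safety issues" bullet here. The new wording "Disclosure of detailed browsing history" also needs a criterion for what counts as detailed, since the next list now rates "more limited" history separately. In the unchanged TLS line, "confidential/security" looks like it should read "confidentiality/security".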
Line 46: | Line 44: | ||
|- | |- | ||
| | | | ||
* Private Browsing Mode data leaks | * Memory Safety issues caused by OOM conditions; unless precise triggering of the condition can be shown | ||
* Techniques that put the browser into fullscreen mode without user interaction or while obscuring the notification | |||
* Techniques that overlay the address bar with another piece of browser chrome to obscure it | |||
* Private Browsing Mode data leaks to disk on Desktop | |||
* Disclosure of OS username | * Disclosure of OS username | ||
* Disclosure of browsing history through efficient and fast timing side channels | * Disclosure of more limited browsing history or browsing history through efficient and fast timing side channels | ||
* Detection of arbitrary local files | * Detection of arbitrary local files | ||
* Launching of arbitrary local application without arguments | * Launching of arbitrary local application without arguments | ||
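Review bot: In the new bullet "Disclosure of more limited browsing history or browsing history through efficient and fast timing side channels", the "or" joins two distinct cases, and it is unclear whether the timing side channel qualifier applies to both. Split it into two bullets. The new OOM bullet says "unless precise triggering of the condition can be shown" without stating which rating applies when it can be shown; name that rating in the bullet.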
Line 59: | Line 60: | ||
|- | |- | ||
| | | | ||
* Private Browsing Mode data leaks to disk on Mobile | |||
* Techniques that cause a JavaScript alert to be shown with a different domain in the address bar | |||
* Detection of a previous visit to a specific site, or when the affected site has a certain configuration | * Detection of a previous visit to a specific site, or when the affected site has a certain configuration | ||
* Identification of users by profiling browsing behavior. | * Identification of users by profiling browsing behavior. | ||
* Corruption of chrome dialogs or user input without the ability to spoof arbitrary messages | * Corruption of chrome dialogs or user input without the ability to spoof arbitrary messages | ||
* Most Denial of Service vulnerabilities, such as those requiring a browser restart | * Most Denial of Service vulnerabilities, such as triggering a release assertion or those requiring a browser restart | ||
|} | |} | ||
;'''Mitigating Circumstances''': | ;'''Mitigating Circumstances''': |
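Review bot: With the new bullet here reading "to disk on Mobile" and the previous list's bullet now reading "to disk on Desktop", the old unqualified "Private Browsing Mode data leaks" has no successor for leaks that do not go to disk. State where those are rated, or say they are out of scope. In the Denial of Service bullet, "such as triggering a release assertion or those requiring a browser restart" mixes two grammatical forms; "such as those that trigger a release assertion or require a browser restart" reads cleanly.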