|
|
Line 388: |
Line 388: |
| |- | | |- |
| |} | | |} |
| |}
| |
| === Priority Matrix===
| |
| {| class="wikitable collapsible " style="width: 100%"
| |
| ! Priority Matrix (primarily OpSec)
| |
| |-
| |
| |
| |
| ;'''Blocker''': Anything which is easily exploitable or reproducible and/or we are seeing active attempts to exploit. Anything which has a high impact to Mozilla should also be considered. This priority flag should communicate that other work is blocked
| |
| by this issue and it should be resolved immediately.
| |
| ''Examples:''
| |
| * SQL injection or Injection Flaws and Remote File Inclusion (RFI)
| |
| * Anything which has been publicized as a 0day which falls into the 'Critical' category.
| |
| * Flaws being actively used in the wild (chemspill?).
| |
|
| |
| ;'''Critical''': Vulnerabilities which are exploitable and/or hard to reproduce. We are also not seeing these being actively exploited or have another means to protect against a vulnerability.
| |
| ''Examples:''
| |
| * XSS
| |
| * CSRF and Authentication or token handling issues
| |
| :'''Major''': Vulnerabilities which have a slightly less degree of impact compared to Critical.
| |
| ''Examples:''
| |
| * Content Spoofing
| |
| * Information Disclosure or Error Handling
| |
| ;'''Normal''': Internal vulnerability with a low likelihood of being remotely exploitable.
| |
| |} | | |} |
|
| |
|
| [[/Security_Severity_Ratings/archive | archive]] | | [[/Security_Severity_Ratings/archive | archive]] |
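Review bot: the Major entry in the Priority Matrix begins with ':' (`:'''Major''': Vulnerabilities which have a slightly less degree of impact compared to Critical.`), while Blocker, Critical and Normal begin with ';'. As written it renders as an indented line rather than a definition term like the other three priorities, so change the leading ':' to ';'. In the same hunk, the Blocker definition breaks after "other work is blocked" and continues with "by this issue and it should be resolved immediately." on a separate line, which ends the `;term: definition` item early in wikitext; join the two lines. The Critical wording "exploitable and/or hard to reproduce" is hard to tell apart from Blocker's "easily exploitable or reproducible", and its second sentence does not say whether "have another means to protect" is a condition or an alternative; state the distinction explicitly, and settle the open "(chemspill?)" before the text is final.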