(Add kiosk mode as sec-other per discussion with Freddy) |
(Added proxy bypass) |
||
| Line 26: | Line 26: | ||
|} | |} | ||
;'''sec-high''': Obtain confidential data from other sites the user is visiting or the local machine, or inject data or code into those sites, requiring no more than normal browsing actions. Indefinite DoS of the user's system, requiring OS reinstallation or extensive cleanup. Exploitable web vulnerabilities that can lead to the targeted compromise of a small number of users. Sandbox escapes which require the attacker to already have arbitrary code execution in the content process. | ;'''sec-high''': Obtain confidential data from other sites the user is visiting or the local machine (including the user's IP address if a proxy is used), or inject data or code into those sites, requiring no more than normal browsing actions. Indefinite DoS of the user's system, requiring OS reinstallation or extensive cleanup. Exploitable web vulnerabilities that can lead to the targeted compromise of a small number of users. Sandbox escapes which require the attacker to already have arbitrary code execution in the content process. | ||
{| class="wikitable collapsible " style="width: 100%" | {| class="wikitable collapsible " style="width: 100%" | ||
! ''sec-high Examples:'' | ! ''sec-high Examples:'' | ||
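Review bot: In the sec-high definition, the new parenthetical "(including the user's IP address if a proxy is used)" is attached to "the local machine" and names only the precondition (a proxy is in use), not the failure that makes it a bug. As written it is unclear whether the rating applies to any IP exposure while a proxy is configured or only to traffic that goes around the proxy. Suggest stating the condition directly, for example "including the user's IP address when a configured proxy is bypassed", so the definition lines up with the "Proxy bypass" example added at Line 38.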
| Line 38: | Line 38: | ||
* Failure to use TLS where needed to ensure confidential/security | * Failure to use TLS where needed to ensure confidential/security | ||
* Memory corruption in a parent process IPC method which a malicious content process could exploit. | * Memory corruption in a parent process IPC method which a malicious content process could exploit. | ||
* Proxy bypass | |||
|} | |} | ||
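Review bot: The added example "* Proxy bypass" is a bare two-word label, while the neighbouring examples say what fails and why it matters ("Failure to use TLS where needed ...", "Memory corruption in a parent process IPC method which ..."). Suggest spelling out the impact the definition now names, for example "Proxy bypass that reveals the user's IP address", so a triager can tell which bypasses qualify as sec-high. The unchanged line above it reads "confidential/security", which looks like it should be "confidentiality/security" and could be fixed in the same edit.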