Security Severity Ratings: Difference between revisions

Jump to navigation Jump to search

Security Severity Ratings (view source)

Revision as of 17:19, 4 June 2013

126 bytes removed ,  4 June 2013
no edit summary
No edit summary
Line 9: Line 9:


;'''sec-critical''': Exploitable vulnerabilities which can lead to the widespread compromise of many users.
;'''sec-critical''': Exploitable vulnerabilities which can lead to the widespread compromise of many users.
{| class="wikitable collapsible collapsed" style="width: 100%"
{| class="wikitable collapsible " style="width: 100%"
! ''sec-critical Examples:''
! ''sec-critical Examples:''
|-
|-
Line 30: Line 30:


;'''sec-high''': Obtain confidential data from other sites the user is visiting or the local machine, or inject data or code into those sites, requiring no more than normal browsing actions. Indefinite DoS of the user's system, requiring OS reinstallation or extensive cleanup. Exploitable web vulnerabilities that can lead to the targeted compromise of a small number of users.
;'''sec-high''': Obtain confidential data from other sites the user is visiting or the local machine, or inject data or code into those sites, requiring no more than normal browsing actions. Indefinite DoS of the user's system, requiring OS reinstallation or extensive cleanup. Exploitable web vulnerabilities that can lead to the targeted compromise of a small number of users.
{| class="wikitable collapsible collapsed" style="width: 100%"
{| class="wikitable collapsible " style="width: 100%"
! ''sec-high Examples:''
! ''sec-high Examples:''
|-
|-
Line 43: Line 43:


;'''sec-moderate''':  Vulnerabilities which can provide an attacker additional information or positioning that could be used in combination with other vulnerabilities. Disclosure of sensitive information that represents a violation of privacy but by itself does not expose the user or organization to immediate risk. The vulnerability combined with another moderate vulnerability could result in an attack of high or critical severity (aka stepping stone). Indefinite application Denial of Service (DoS) via corruption of state, requiring application re-installation or temporary DoS of the user's system, requiring reboot. The lack of standard defense in depth techniques and security controls.  
;'''sec-moderate''':  Vulnerabilities which can provide an attacker additional information or positioning that could be used in combination with other vulnerabilities. Disclosure of sensitive information that represents a violation of privacy but by itself does not expose the user or organization to immediate risk. The vulnerability combined with another moderate vulnerability could result in an attack of high or critical severity (aka stepping stone). Indefinite application Denial of Service (DoS) via corruption of state, requiring application re-installation or temporary DoS of the user's system, requiring reboot. The lack of standard defense in depth techniques and security controls.  
{| class="wikitable collapsible collapsed" style="width: 100%"
{| class="wikitable collapsible " style="width: 100%"
! ''sec-moderate Examples:''
! ''sec-moderate Examples:''
|-
|-
Line 59: Line 59:
;'''sec-low''': Minor security vulnerabilities such as leaks or spoofs of non-sensitive information. Missing best practice security controls  
;'''sec-low''': Minor security vulnerabilities such as leaks or spoofs of non-sensitive information. Missing best practice security controls  


{| class="wikitable collapsible collapsed" style="width: 100%"
{| class="wikitable collapsible " style="width: 100%"
! ''sec-low Examples:''
! ''sec-low Examples:''
|-
|-
Line 71: Line 71:
;'''sec-other''': Bugs that may not be exploitable security issues but are kept confidential to protect sensitive information. Bugs that contain sensitive information about the bug submitter or another user Bugs that are related to security issues currently unfixed in Mozilla products or other products
;'''sec-other''': Bugs that may not be exploitable security issues but are kept confidential to protect sensitive information. Bugs that contain sensitive information about the bug submitter or another user Bugs that are related to security issues currently unfixed in Mozilla products or other products


{| class="wikitable collapsible collapsed" style="width: 100%"
{| class="wikitable collapsible " style="width: 100%"
! ''sec-other Examples:''
! ''sec-other Examples:''
|-
|-
Line 87: Line 87:


=== Shared Keywords ===
=== Shared Keywords ===
{| style="width: 800px;" class="wikitable collapsible collapsed fullwidth-table"
{| style="width: 800px;" class="wikitable collapsible fullwidth-table"
! Shared Keywords
! Shared Keywords
|-
|-
Line 127: Line 127:


=== Group Keywords ===
=== Group Keywords ===
{| style="width: 800px;" class="wikitable collapsible collapsed fullwidth-table"
{| style="width: 800px;" class="wikitable collapsible fullwidth-table"
! Group Keywords
! Group Keywords
|-
|-
Line 137: Line 137:
| Client Security (ie. Firefox, Thunderbird, etc)
| Client Security (ie. Firefox, Thunderbird, etc)
|  
|  
{|class="wikitable collapsible collapsed fullwidth-table"
{|class="wikitable collapsible fullwidth-table"
! csec-
! csec-
|-
|-
Line 172: Line 172:
| Web Security (Web Sites, Web Services, etc)
| Web Security (Web Sites, Web Services, etc)
|
|
{|class="wikitable collapsible collapsed fullwidth-table"
{|class="wikitable collapsible fullwidth-table"
! wsec-
! wsec-
|-
|-
Line 217: Line 217:
| Operations Security (Mozilla owned & operated severs and services)
| Operations Security (Mozilla owned & operated severs and services)
|
|
{|class="wikitable collapsible collapsed fullwidth-table"
{|class="wikitable collapsible fullwidth-table"
! opsec-
! opsec-
|-
|-
Line 229: Line 229:
|}
|}
=== Whiteboard Tags ===
=== Whiteboard Tags ===
{| style="width: 800px;" class="wikitable collapsible collapsed fullwidth-table"
{| style="width: 800px;" class="wikitable collapsible fullwidth-table"
! Whiteboard Tags
! Whiteboard Tags
|-
|-
Line 294: Line 294:
|}
|}
=== Feature Page Codes ===
=== Feature Page Codes ===
{| style="width: 800px;" class="wikitable collapsible collapsed fullwidth-table"
{| style="width: 800px;" class="wikitable collapsible fullwidth-table"
! Feature Page Codes
! Feature Page Codes
|-
|-
Line 343: Line 343:
|}
|}
=== Flags ===
=== Flags ===
{| style="width: 800px;" class="wikitable collapsible collapsed fullwidth-table"
{| style="width: 800px;" class="wikitable collapsible fullwidth-table"
! Flags
! Flags
|-
|-
Line 383: Line 383:
|}
|}
=== Priority Matrix===
=== Priority Matrix===
{| class="wikitable collapsible collapsed" style="width: 100%"
{| class="wikitable collapsible " style="width: 100%"
! Priority Matrix (primarily OpSec)
! Priority Matrix (primarily OpSec)
|-
|-
Yboily
Confirmed users
180

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/663195"

Navigation menu