
Security Severity Ratings

Revision of 22:51, 26 August 2013 (6 bytes removed)
Severity Ratings
The following items are keywords for the severity of an issue.
;'''sec-critical''': Exploitable vulnerabilities which can lead to the widespread compromise of many users, requiring no more than normal browsing actions.
{| class="wikitable collapsible " style="width: 100%"
! ''sec-critical Examples:''
|-
|
* Overflows resulting in native code execution
* JavaScript injection into browser chrome
* Launching of arbitrary local application with provided arguments
* Filetype spoofing where executables can masquerade as benign content types
* Installation & execution of plugins/modules with chrome/native privileges, without user consent or via user dialog fatigue
* Any crash where random memory or NULL is executed (the severity of these can depend on whether the top value of the stack is a function)
* Any crash where random memory is accessed
* Any bug where random memory is written to is critical
* Any bug where random memory is read from and then used in a subsequent memory or jump operation (offset, array, etc.) is critical
* Web application bugs: the severity of these can depend on the data that could be compromised. Flaws that could be considered critical include:
** XSS (Stored)
** CSRF
|}
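The last two memory-safety items above draw a distinction practitioners often miss: an out-of-bounds ''read'' is rated as high as a write when the value read is then used as an index or a jump target. The following is an added illustration, not code from the Mozilla wiki page or from any Mozilla component; the handler table, the `dispatch_unchecked` and `dispatch_checked` functions and the "message type" input are all hypothetical.

```c
/* Added example (not part of the Mozilla wiki page): why an out-of-bounds
 * read that feeds a jump is sec-critical. Names and the handler table are
 * hypothetical stand-ins for a dispatch table indexed by untrusted content. */
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_fn)(int);

static int handle_add(int v)  { return v + 1; }
static int handle_neg(int v)  { return -v; }
static int handle_zero(int v) { (void)v; return 0; }

/* Hypothetical dispatch table: the index is a "message type" read from
 * attacker-controlled input (e.g. a field in web content). */
static const handler_fn handlers[] = { handle_add, handle_neg, handle_zero };
#define NUM_HANDLERS (sizeof handlers / sizeof handlers[0])

/* Vulnerable form: 'type' is used unchecked as an index. An out-of-range
 * value reads a pointer from whatever memory follows the table and then
 * calls it. Nothing is ever written, yet this is "random memory read from
 * and then used in a subsequent jump operation", i.e. sec-critical, because
 * an attacker who can place data after the table controls the call target. */
int dispatch_unchecked(size_t type, int value)
{
    return handlers[type](value);   /* no bounds check */
}

/* Hardened form: validate the untrusted index before it reaches the read.
 * Returns 0 and stores the handler result in *out, or -1 if refused. */
int dispatch_checked(size_t type, int value, int *out)
{
    if (type >= NUM_HANDLERS) {
        return -1;                  /* refuse: index out of range */
    }
    *out = handlers[type](value);
    return 0;
}

int main(void)
{
    int r = 0;
    /* In-range request (constructed input) behaves the same in both forms. */
    if (dispatch_checked(1, 5, &r) == 0) {
        printf("checked type 1 -> %d\n", r);
    }
    /* Out-of-range type (constructed attacker input) is refused instead of
     * dereferencing and calling a pointer read from past the table. */
    printf("checked type 1000 -> rc %d\n", dispatch_checked(1000, 5, &r));
    return 0;
}
```

The unchecked form is never called with an out-of-range index here, since doing so is exactly the crash the rating describes; the point is that a triager seeing "out-of-bounds read in a dispatch path" should look for where the read value flows before settling on a lower rating.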
;'''sec-moderate''': Vulnerabilities which can provide an attacker additional information or positioning that could be used in combination with other vulnerabilities. Disclosure of sensitive information that represents a violation of privacy but by itself does not expose the user or organization to immediate risk. The vulnerability combined with another moderate vulnerability could result in an attack of high or critical severity (a "stepping stone"). Indefinite application Denial of Service (DoS) via corruption of state, requiring application re-installation, or temporary DoS of the user's system, requiring a reboot. The lack of standard defense-in-depth techniques and security controls. Client bugs that might have high or critical results but require the user to perform unusual or complex actions to trigger.
{| class="wikitable collapsible " style="width: 100%"
! ''sec-moderate Examples:''