Mozilla: >> Geckodriver Security Vulnerabilities
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-05-02
Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-07-20