Lucene search

K
kasperskyKaspersky LabKLA10445
HistoryJan 13, 2015 - 12:00 a.m.

KLA10445 ACE vulnerability in Mozilla

2015-01-1300:00:00
Kaspersky Lab
threats.kaspersky.com
156

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.937 High

EPSS

Percentile

99.1%

Detect date:

01/13/2015

Severity:

Critical

Description:

Improper DOM objects interaction was found in Mozilla products. By exploiting this vulnerability malicious users can execute arbitrary code. This culnerability can be exploited remotely via unspecified vectors.

Affected products:

Mozilla Firefox versions earlier than 35
Mozilla SeaMonkey versions earlier than 2.32

Solution:

Update to latest version
Get SeaMonkey
Get Firefox

Original advisories:

MFSA

Impacts:

ACE

Related products:

Mozilla Firefox

CVE-IDS:

CVE-2014-86367.5Critical

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.937 High

EPSS

Percentile

99.1%