Lucene search

K
kasperskyKaspersky LabKLA10446
HistoryJan 13, 2015 - 12:00 a.m.

KLA10446 CI vulnerability in Mozilla products

2015-01-1300:00:00
Kaspersky Lab
threats.kaspersky.com
15

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.1%

Detect date:

01/13/2015

Severity:

High

Description:

Improper interpretation of HTTP headers was found in Mozilla products. By exploiting this vulnerability malicious users can inject cookie. This vulnerability can be exploited via specially designed HTTP headers.

Affected products:

Mozilla Firefox earlier than 35
Mozilla Firefox ESR earlier than 31.4
Mozilla SeaMonkey earlier than 2.32
Mozilla Thunderbird earlier than 31.4

Solution:

Update to latest version
Get Thunderbird
Get Firefox
Get SeaMonkey

Original advisories:

MFSA

Impacts:

CI

Related products:

Mozilla Firefox

CVE-IDS:

CVE-2014-86396.8High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.1%