Kaspersky LabKLA10525KLA10525 Multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.964 High
EPSS
Percentile
99.5%
Detect date:
03/31/2015
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Mozilla Firefox before 37.0, Mozilla Firefox ESR 31.x before 31.6, Mozilla Thunderbird before 31.6. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause a denial of service (heap memory corruption) and bypass an intended user-confirmation requirement.
Affected products:
Mozilla Firefox before 37.0
Mozilla Firefox ESR 31.x before 31.6
Mozilla Thunderbird before 31.6
Solution:
Update to latest version
Get Mozilla Thunderbird
Get Mozilla Firefox ESR
Get Mozilla Firefox
Original advisories:
Mozilla Foundation Security Advisories
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2015-08124.3Warning
CVE-2015-08135.1High
CVE-2015-08104.3Warning
CVE-2015-08116.4High
CVE-2015-08157.5Critical
CVE-2015-08147.5Critical
CVE-2015-08057.5Critical
CVE-2015-08067.5Critical
CVE-2015-08047.5Critical
CVE-2015-08165.0Critical
CVE-2015-08076.8High
CVE-2015-08085.0Critical
Exploitation:
Public exploits exist for this vulnerability.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0806
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0810
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/
threats.kaspersky.com/en/product/Mozilla-Firefox/
threats.kaspersky.com/en/product/Mozilla-Thunderbird/
www.mozilla.org/en-US/firefox/new/
www.mozilla.org/en-US/firefox/organizations/all/
www.mozilla.org/en-US/security/advisories/
www.mozilla.org/en-US/thunderbird/download
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.964 High
EPSS
Percentile
99.5%