Kaspersky LabKLA10748KLA10748 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.03 Low
EPSS
Percentile
90.7%
Detect date:
01/26/2016
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface and execute arbitrary code.
Affected products:
Mozilla Firefox versions earlier than 44
Mozilla Firefox ESR versions earlier than 38.6
Solution:
Update to the latest version
Download Firefox ESR
Download Firefox
Original advisories:
Mozilla foundation security advisories
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2016-19484.3Warning
CVE-2016-19474.3Warning
CVE-2016-19459.3Critical
CVE-2016-19434.3Warning
CVE-2016-19424.3Warning
CVE-2016-19414.3Warning
CVE-2016-19405.0Warning
CVE-2016-19395.0Warning
CVE-2016-19386.4High
CVE-2016-19374.3Warning
CVE-2016-19359.3Critical
CVE-2016-19334.3Warning
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1943
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1948
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/
threats.kaspersky.com/en/product/Mozilla-Firefox/
www.mozilla.org/en-US/firefox/new/
www.mozilla.org/en-US/firefox/organizations/faq/
www.mozilla.org/en-US/security/advisories/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.03 Low
EPSS
Percentile
90.7%