Kaspersky LabKLA10765KLA10765 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.963 High
EPSS
Percentile
99.5%
Detect date:
03/08/2016
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof user interface, gain privileges and write local files.
Affected products:
Mozilla Firefox versions earlier than 45.0
Mozilla Firefox ESR versions earlier than 38.7
Solution:
Update to the latest version
Get Firefox ESR
Get Firefox
Original advisories:
Mozilla Foundation Security Advisories
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2016-28026.8High
CVE-2016-28016.8High
CVE-2016-28006.8High
CVE-2016-27999.3Critical
CVE-2016-27986.8High
CVE-2016-27976.8High
CVE-2016-27966.8High
CVE-2016-27956.8High
CVE-2016-27949.3Critical
CVE-2016-27936.8High
CVE-2016-27926.8High
CVE-2016-27916.8High
CVE-2016-27906.8High
CVE-2016-19796.8High
CVE-2016-19776.8High
CVE-2016-19766.8High
CVE-2016-19756.8High
CVE-2016-19746.8High
CVE-2016-19736.8High
CVE-2016-19726.8High
CVE-2016-19716.8High
CVE-2016-19706.8High
CVE-2016-19686.8High
CVE-2016-19674.3Warning
CVE-2016-19666.8High
CVE-2016-19654.3Warning
CVE-2016-19646.8High
CVE-2016-19506.8High
CVE-2016-19526.8High
CVE-2016-19536.8High
CVE-2016-19546.8High
CVE-2016-19554.3Warning
CVE-2016-19567.1High
CVE-2016-19574.3Warning
CVE-2016-19584.3Warning
CVE-2016-19596.8High
CVE-2016-19606.8High
CVE-2016-19616.8High
CVE-2016-19634.4Warning
Exploitation:
Public exploits exist for this vulnerability.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/
threats.kaspersky.com/en/product/Mozilla-Firefox/
www.mozilla.org/en-US/firefox/new/
www.mozilla.org/en-US/firefox/organizations/faq/
www.mozilla.org/en-US/security/advisories/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.963 High
EPSS
Percentile
99.5%