Lucene search

K

Kaspersky LabKLA10795

HistoryApr 26, 2016 - 12:00 a.m.

KLA10795 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

2016-04-2600:00:00

Kaspersky Lab

threats.kaspersky.com

28

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.162 Low

EPSS

Percentile

95.9%

Detect date:

04/26/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject arbitrary code, elevate privileges, cause denial of service or obtain sensitive information.

Affected products:

Mozilla Firefox versions earlier than 46
Mozilla Firefox ESR versions earlier than 38.8
Mozilla Firefox ESR 45 versions earlier than 45.1

Solution:

Update to the latest version
Get Firefox
Get Firefox ESR

Original advisories:

Mozilla Foundation Advisories

Impacts:

ACE

Related products:

Mozilla Firefox

CVE-IDS:

CVE-2016-28085.1High
CVE-2016-28204.3Warning
CVE-2016-28174.3Warning
CVE-2016-28164.3Warning
CVE-2016-28146.8High
CVE-2016-28134.3Warning
CVE-2016-28125.1High
CVE-2016-28116.8High
CVE-2016-28104.3Warning
CVE-2016-28095.8High
CVE-2016-17804.3Warning

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1780

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2809

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2810

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2811

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2812

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2813

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2816

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2817

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2820

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/

threats.kaspersky.com/en/product/Mozilla-Firefox-for-Android/

threats.kaspersky.com/en/product/Mozilla-Firefox/

www.mozilla.org/en-US/firefox/organizations/

www.mozilla.org/en-US/security/advisories/

www.mozilla.org/firefox/new/?scene=2

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.162 Low

EPSS

Percentile

95.9%

Related for KLA10795

nessus25 openvas31 ubuntu3 suse4 archlinux1 freebsd1 cve11 debiancve10 prion11 ubuntucve11 mozilla9 debian1 veracode2 mageia1 oraclelinux1 redhat1 centos1 gentoo1 apple2