Kaspersky LabKLA11001KLA11001 Use-after-free vulnerability in Mozilla Firefox and Mozilla Firefox ESR
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.5%
Detect date:
05/05/2017
Severity:
High
Description:
Use-after-free vulnerability was found in Mozilla Firefox and Mozilla Firefox ESR. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via a Buffer11 API calls within the ANGLE graphics library, used for WebGL content.
Affected products:
Mozilla Firefox ESR versions earlier than 52.1.1
Mozilla Firefox versions earlier than 53.0.2
Solution:
Update to latest version
Download Firefox ESR
Download Firefox
Original advisories:
Impacts:
DoS
Related products:
CVE-IDS:
CVE-2017-50316.8High
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/
threats.kaspersky.com/en/product/Mozilla-Firefox/
www.mozilla.org/en-US/firefox/new/
www.mozilla.org/en-US/firefox/organizations/all/
www.mozilla.org/en-US/security/advisories/mfsa2017-14/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.017 Low
EPSS
Percentile
87.5%