Lucene search

Kaspersky LabKLA11044

HistoryJun 13, 2017 - 12:00 a.m.

KLA11044 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR

2017-06-1300:00:00

Kaspersky Lab

threats.kaspersky.com

639

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.4%

JSON

Detect date:

06/13/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to gain privileges, cause a denial of service, read and write local files, spoof user interface and bypass security restrictions.

Affected products:

Mozilla Firefox versions earlier than 54
Mozilla Firefox ESR versions earlier than 52.2

Solution:

Update to the latest version
Download Mozilla Firefox ESR
Download Mozilla Firefox

Original advisories:

MFSA 2017-16
MFSA 2017-15

Impacts:

ACE

Related products:

Mozilla Firefox

CVE-IDS:

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5471

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7755

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7759

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7760

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7761

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7762

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7763

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7765

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7766

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7767

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7768

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7770

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7775

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/

threats.kaspersky.com/en/product/Mozilla-Firefox/

www.mozilla.org/en-US/firefox/new/

www.mozilla.org/en-US/firefox/organizations/all/

www.mozilla.org/en-US/security/advisories/mfsa2017-15/

www.mozilla.org/en-US/security/advisories/mfsa2017-16/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.4%

JSON