Lucene search

Kaspersky LabKLA11082

HistoryAug 08, 2017 - 12:00 a.m.

KLA11082 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

2017-08-0800:00:00

Kaspersky Lab

threats.kaspersky.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.4%

JSON

Detect date:

08/08/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, privilege escalation, spoof user interface, bypass security restrictions, obtain sensitive information and execute arbitrary code.

Affected products:

Mozilla Firefox versions earlier than 55
Mozilla Firefox ESR versions earlier than 52.3

Solution:

Update to the latest version
Download Mozilla Firefox ESR
Download Mozilla Firefox

Original advisories:

MFSA 2017-18
MFSA 2017-19

Impacts:

ACE

Related products:

Mozilla Firefox

CVE-IDS:

Exploitation:

Public exploits exist for this vulnerability.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7780

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7781

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7782

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7783

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7788

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7789

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7790

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7794

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7796

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7797

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7799

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7804

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7806

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7808

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/

threats.kaspersky.com/en/product/Mozilla-Firefox/

www.mozilla.org/en-US/firefox/new/

www.mozilla.org/en-US/firefox/organizations/all/

www.mozilla.org/en-US/security/advisories/mfsa2017-18/

www.mozilla.org/en-US/security/advisories/mfsa2017-19/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.4%

JSON