Lucene search

K

Kaspersky LabKLA11135

HistoryNov 14, 2017 - 12:00 a.m.

KLA11135 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

2017-11-1400:00:00

Kaspersky Lab

threats.kaspersky.com

236

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.1%

Detect date:

11/14/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface, perform cross-site scripting, gain privileges and execute arbitrary code.

Affected products:

Mozilla Firefox versions earlier than 57
Mozilla Firefox ESR versions earlier than 52.5
Mozilla Firefox versions earlier than 57
Mozilla Firefox ESR versions earlier than 52.5

Solution:

Update to the latest version
Download Mozilla Firefox

Original advisories:

Mozilla Foundation Security Advisory 2017-24
Mozilla Foundation Security Advisory 2017-25

Impacts:

ACE

Related products:

Mozilla Firefox

CVE-IDS:

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7831

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7832

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7833

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7834

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7835

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7836

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7837

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7838

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7839

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7840

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7842

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/

threats.kaspersky.com/en/product/Mozilla-Firefox/

www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834

www.mozilla.org/en-US/security/advisories/mfsa2017-25/

www.mozilla.org/ru/firefox/new/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.1%

Related for KLA11135

ubuntucve2 debiancve2 redhatcve1 veracode1 cve2 prion2 kaspersky1 nessus36 altlinux2 osv5 openvas31 oraclelinux2 suse3 debian5 mozilla3 centos2 archlinux2 mageia3 redhat2 ubuntu5 freebsd1 gentoo1