Lucene search

Kaspersky LabKLA11184

HistoryJan 23, 2018 - 12:00 a.m.

KLA11184 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

2018-01-2300:00:00

Kaspersky Lab

threats.kaspersky.com

590

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON

Detect date:

01/23/2018

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass security restrictions and gain privileges.

Affected products:

Mozilla Firefox versions earlier then 58
Mozilla Firefox ESR versions earlier then 52.6

Solution:

Update to the latest version
Download Mozilla Firefox ESR
Download Mozilla Firefox

Original advisories:

Mozilla Foundation Security Advisory 2018-02
Mozilla Foundation Security Advisory 2018-03

Impacts:

ACE

Related products:

Mozilla Firefox

CVE-IDS:

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5091

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5092

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5093

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5094

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5100

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5101

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5105

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5106

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5107

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5108

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5109

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5110

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5111

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5112

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5113

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5114

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5115

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5116

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5118

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5119

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5121

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5122

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/class/Exploit/

threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/

threats.kaspersky.com/en/product/Mozilla-Firefox/

www.mozilla.org/en-US/firefox/new/

www.mozilla.org/en-US/firefox/organizations/all/

www.mozilla.org/en-US/security/advisories/mfsa2018-02/

www.mozilla.org/en-US/security/advisories/mfsa2018-03/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON