Lucene search

K
kasperskyKaspersky LabKLA11259
HistoryJun 08, 2018 - 12:00 a.m.

KLA11259 DoS vulnerability in Mozilla Firefox and Firefox ESR

2018-06-0800:00:00
Kaspersky Lab
threats.kaspersky.com
68

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.296 Low

EPSS

Percentile

96.8%

Detect date:

06/08/2018

Severity:

Critical

Description:

A heap buffer overflow vulnerability was found in the Skia library. By exploiting this vulnerability malicious users can cause denial of service via specially crafted SVG file with anti-aliasing turned off.

Affected products:

Mozilla Firefox earlier than 60.0.2
Mozilla Firefox ESR earlier than 52.8.1
Mozilla Firefox ESR earlier than 60.0.2

Solution:

Update to the latest version
Download Mozilla Firefox ESR
Download Mozilla Firefox

Original advisories:

Mozilla Foundation Security Advisory 2018-14

Impacts:

DoS

Related products:

Mozilla Firefox

CVE-IDS:

CVE-2018-61266.8High

Exploitation:

Public exploits exist for this vulnerability.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.296 Low

EPSS

Percentile

96.8%