
KLA11272 Multiple vulnerabilities in Mozilla Firefox

2016-11-15 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

CVSS3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

AI Score: 8.9 (Confidence: High)

EPSS: 0.011 (Percentile: 84.2%)

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. A heap buffer overflow vulnerability in Cairo can be exploited remotely to cause denial of service;
  2. An unspecified vulnerability can be exploited remotely via a specially crafted URL to cause denial of service;
  3. An integer overflow vulnerability in JavaScript can be exploited remotely to cause denial of service;
  4. A buffer overflow vulnerability can be exploited remotely to cause denial of service;
  5. Multiple use-after-free vulnerabilities can be exploited remotely to cause denial of service;
  6. An unspecified vulnerability in WebExtensions can be exploited remotely via the mozAddonManager API to gain privileges;
  7. A same-origin policy bypass can be exploited remotely to obtain sensitive information;
  8. An unspecified vulnerability can be exploited remotely via the Mozilla Maintenance Service to gain privileges;
  9. An unspecified vulnerability can be exploited remotely via a select dropdown menu to spoof the user interface.

Original advisories

Mozilla Foundation Security Advisory 2016-89

Related products

Mozilla-Firefox

CVE list

CVE-2016-5289 critical

CVE-2016-5290 critical

CVE-2016-5291 warning

CVE-2016-5292 warning

CVE-2016-5293 warning

CVE-2016-5294 warning

CVE-2016-5295 warning

CVE-2016-5296 warning

CVE-2016-5297 critical

CVE-2016-9063 critical

CVE-2016-9064 warning

CVE-2016-9066 warning

CVE-2016-9067 warning

CVE-2016-9068 warning

CVE-2016-9070 high

CVE-2016-9071 warning

CVE-2016-9072 warning

CVE-2016-9073 warning

CVE-2016-9074 warning

CVE-2016-9075 critical

CVE-2016-9076 warning

CVE-2016-9077 high

CVE-2016-9069 high

Solution

Update to the latest version

Download Mozilla Firefox

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an attacker capturing information that is critical to the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to an attacker performing actions that are normally disallowed for the current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into unintended behaviour.

Affected Products

  • Mozilla Firefox earlier than 50
