Lucene search

K
kasperskyKaspersky LabKLA11629
HistoryJan 07, 2020 - 12:00 a.m.

KLA11629 Multiple vulnerabilities in Mozilla Firefox ESR

2020-01-0700:00:00
Kaspersky Lab
threats.kaspersky.com
27

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.012

Percentile

85.5%

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. Memory corruption vulnerability on Windows can be exploited locally to obtain sensitive information.
  2. Memory corruption vulnerability can be exploited locally to execute arbitrary code.
  3. Bypass security vulnerability can be exploited locally to obtain sensitive information.
  4. Type confusion vulnerability can be exploited locally to execute arbitrary code.
  5. CSS sanitization vulnerability can be exploited locally.
  6. Memory corruption vulnerability on Windows can be exploited locally to cause denial of service.

Original advisories

mfsa2020-02

Related products

Mozilla-Firefox-ESR

CVE list

CVE-2019-17024 high

CVE-2019-17021 warning

CVE-2019-17016 warning

CVE-2019-17017 high

CVE-2019-17022 warning

CVE-2019-17015 high

Solution

Update to the latest version

Download Mozilla Firefox ESR

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • XSS/CSS

Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.

Affected Products

  • Mozilla Firefox ESR earlier than 68.4

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.012

Percentile

85.5%