Kaspersky LabKLA11824

HistoryJun 30, 2020 - 12:00 a.m.

KLA11824 Multiple vulnerabilities in Mozilla Firefox

2020-06-3000:00:00

Kaspersky Lab

threats.kaspersky.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.2%

JSON

Detect date:

06/30/2020

Severity:

High

Description:

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface, obtain sensitive information, execute arbitrary code.

Affected products:

Mozilla Firefox earlier than 78.0.1

Solution:

Update to the latest version
Download Firefox

Original advisories:

MFSA2020-24

Impacts:

ACE

Related products:

Mozilla Firefox

CVE-IDS:

CVE-2020-124179.3Critical
CVE-2020-124244.3Warning
CVE-2020-124214.3Warning
CVE-2020-124209.3Critical
CVE-2020-124254.3Warning
CVE-2020-124169.3Critical
CVE-2020-124269.3Critical
CVE-2020-124227.6Critical
CVE-2020-124184.3Warning
CVE-2020-124236.9High
CVE-2020-124154.3Warning
CVE-2020-124021.2Warning
CVE-2020-124199.3Critical

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12415

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12416

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12417

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12418

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12419

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12420

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12421

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12422

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12423

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12424

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12425

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12426

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Mozilla-Firefox/

www.mozilla.org/en-US/firefox/new/

www.mozilla.org/en-US/security/advisories/mfsa2020-24/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.2%

JSON