Kaspersky LabKLA12011KLA12011 Multiple vulnerabilities in Mozilla Firefox ESR
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.026 Low
EPSS
Percentile
90.0%
Detect date:
11/17/2020
Severity:
Warning
Description:
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to gain privileges, perform cross-site scripting attack, obtain sensitive information, cause denial of service, spoof user interface, execute arbitrary code, bypass security restrictions.
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products:
Mozilla Firefox ESR earlier than 78.5
Solution:
Update to the latest version
Download Firefox ESR
Original advisories:
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-159996.5High
CVE-2020-160124.3Warning
CVE-2020-269646.8High
CVE-2020-269516.1High
CVE-2020-269534.3Warning
CVE-2020-269566.1High
CVE-2020-269626.1High
CVE-2020-269688.8Critical
CVE-2020-269634.3Warning
CVE-2020-269616.5High
CVE-2020-269676.5High
CVE-2020-269576.5High
CVE-2020-269544.3Warning
CVE-2020-269698.8Critical
CVE-2020-269608.8Critical
CVE-2020-269656.5High
CVE-2020-269598.8Critical
CVE-2020-269528.8Critical
CVE-2020-269666.5High
CVE-2020-269586.1High
CVE-2020-269556.5High
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26951
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26969
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/
www.mozilla.org/en-US/firefox/all/#product-desktop-esr
www.mozilla.org/en-US/security/advisories/mfsa2020-51/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.026 Low
EPSS
Percentile
90.0%