Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA65224
HistoryMar 19, 2024 - 12:00 a.m.

KLA65224 Multiple vulnerabilities in Mozilla Firefox

2024-03-1900:00:00
Kaspersky Lab
threats.kaspersky.com
18
mozilla firefox
arbitrary code execution
denial of service
sensitive information
user interface spoofing
privilege escalation
security restrictions
update
mfsa2024-12
ace
cve-2023-5388
cve-2024-2612
cve-2024-2613
cve-2024-2605
cve-2024-2608
cve-2024-2609
cve-2024-2606
cve-2024-2607
cve-2024-2615
cve-2024-2614
cve-2024-2611
cve-2024-2610

9.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface, gain privileges, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. Use after free vulnerability in SafeRefPtr can be exploited to cause denial of service or execute arbitrary code.
  2. Denial of service vulnerability can be exploited remotely to cause denial of service.
  3. Information disclosure vulnerability in NSS can be exploited to obtain sensitive information.
  4. Remote code execution vulnerability in Windows Error Reporter can be exploited remotely to execute arbitrary code.
  5. Integer overflow vulnerability can be exploited to cause denial of service.
  6. Clickjacking permission prompts vulnerability can be exploited remotely to spoof user interface.
  7. Remote code execution vulnerability can be exploited remotely to execute arbitrary code.
  8. Memory safety vulnerability can be exploited to execute arbitrary code.
  9. Clickjacking permission prompts vulnerability can be exploited remotely to gain privileges.
  10. Security vulnerability in composition area can be exploited to bypass security restrictions.

Original advisories

MFSA2024-12

Related products

Mozilla-Firefox

CVE list

CVE-2023-5388 warning

CVE-2024-2612 warning

CVE-2024-2613 warning

CVE-2024-2605 warning

CVE-2024-2608 warning

CVE-2024-2609 warning

CVE-2024-2606 warning

CVE-2024-2607 warning

CVE-2024-2615 warning

CVE-2024-2614 warning

CVE-2024-2611 warning

CVE-2024-2610 warning

Solution

Update to the latest version

Download Firefox

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Mozilla Firefox earlier than 124

Related

nessus 55
ubuntu 2
osv 12
mozilla 3
openvas 21
slackware 2
kaspersky 2
redhat 18
oraclelinux 6
debian 4
almalinux 4
amazon 1
rocky 2
mageia 2
centos 2
ubuntucve 9
alpinelinux 4
cnvd 7
debiancve 10
cgr 2
veracode 7
cvelist 8
cve 7
nvd 6
redhatcve 3
nessus
nessus
Fedora 39 : firefox (2024-113454b56b)
2024-03-20 00:00:00
Fedora 38 : firefox (2024-7e71e9eaba)
2024-03-20 00:00:00
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6703-1)
2024-03-20 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2024-03-20 00:00:00
Thunderbird vulnerabilities
2024-03-26 00:00:00
osv
osv
firefox vulnerabilities
2024-03-20 05:48:06
Moderate: thunderbird security update
2024-03-25 00:00:00
Moderate: thunderbird security update
2024-03-25 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 124 — Mozilla
2024-03-19 00:00:00
Security Vulnerabilities fixed in Firefox ESR 115.9 — Mozilla
2024-03-19 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.9 — Mozilla
2024-03-19 00:00:00
openvas
openvas
Mozilla Firefox Security Update (mfsa_2024-12) - Windows
2024-03-25 00:00:00
Mozilla Firefox Security Advisory (MFSA2024-12) - Linux
2024-03-19 00:00:00
Ubuntu: Security Advisory (USN-6703-1)
2024-03-21 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2024-03-20 00:27:50
[slackware-security] mozilla-thunderbird
2024-03-20 00:28:21
kaspersky
kaspersky
KLA65226 Multiple vulnerabilities in Mozilla Thunderbird
2024-03-19 00:00:00
KLA65225 Multiple vulnerabilities in Mozilla Firefox ESR
2024-03-19 00:00:00
redhat
redhat
(RHSA-2024:1499) Moderate: thunderbird security update
2024-03-25 18:34:00
(RHSA-2024:1500) Moderate: thunderbird security update
2024-03-25 18:46:38
(RHSA-2024:1496) Moderate: thunderbird security update
2024-03-25 18:33:37
oraclelinux
oraclelinux
thunderbird security update
2024-03-26 00:00:00
thunderbird security update
2024-03-26 00:00:00
thunderbird security update
2024-03-25 00:00:00
debian
debian
[SECURITY] [DSA 5643-1] firefox-esr security update
2024-03-21 19:19:35
[SECURITY] [DSA 5644-1] thunderbird security update
2024-03-21 19:22:16
[SECURITY] [DLA 3769-1] thunderbird security update
2024-03-23 11:22:35
almalinux
almalinux
Moderate: thunderbird security update
2024-03-25 00:00:00
Moderate: thunderbird security update
2024-03-25 00:00:00
Critical: firefox security update
2024-03-25 00:00:00
amazon
amazon
Important: thunderbird
2024-03-27 21:32:00
rocky
rocky
thunderbird security update
2024-03-27 04:34:32
firefox security update
2024-03-27 04:34:32
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2024-03-27 22:40:25
Updated nss firefox, nss packages fix security vulnerabilities
2024-03-27 22:24:13
centos
centos
thunderbird security update
2024-04-03 14:01:39
firefox security update
2024-04-03 14:00:43
ubuntucve
ubuntucve
CVE-2024-2606
2024-03-19 00:00:00
CVE-2024-2605
2024-03-19 00:00:00
CVE-2024-2608
2024-03-19 00:00:00
alpinelinux
alpinelinux
CVE-2024-2605
2024-03-19 12:15:08
CVE-2024-2608
2024-03-19 12:15:08
CVE-2024-2611
2024-03-19 12:15:09
cnvd
cnvd
Code execution vulnerability in multiple Mozilla products (CNVD-2024-14974)
2024-03-21 00:00:00
Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-14982)
2024-03-21 00:00:00
Mozilla Firefox Clickjacking Vulnerability (CNVD-2024-14973)
2024-03-21 00:00:00
debiancve
debiancve
CVE-2024-2605
2024-03-19 12:15:08
CVE-2024-2606
2024-03-19 12:15:08
CVE-2024-2613
2024-03-19 12:15:09
cgr
cgr
CVE-2024-2605 vulnerabilities
2024-05-19 03:07:16
CVE-2024-2607 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Arbitrary Code Execution
2024-04-10 21:52:28
Improper Input Validation
2024-03-25 01:33:05
Arbitrary Code Execution
2024-03-25 01:32:51
cvelist
cvelist
CVE-2024-2606
2024-03-19 12:02:52
CVE-2024-2608
2024-03-19 12:02:53
CVE-2024-2615
2024-03-19 12:02:57
cve
cve
CVE-2024-2606
2024-03-19 12:15:08
CVE-2024-2613
2024-03-19 12:15:09
CVE-2024-2608
2024-03-19 12:15:08
nvd
nvd
CVE-2024-2606
2024-03-19 12:15:08
CVE-2024-2613
2024-03-19 12:15:09
CVE-2024-2615
2024-03-19 12:15:09
redhatcve
redhatcve
CVE-2024-2605
2024-03-21 11:00:58
CVE-2024-2607
2024-03-21 11:39:26
CVE-2024-2611
2024-03-21 11:39:41

9.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON
Related for KLA65224
nessus55ubuntu2osv12mozilla3openvas21slackware2kaspersky2redhat18oraclelinux6debian4almalinux4amazon1rocky2mageia2centos2ubuntucve9alpinelinux4cnvd7debiancve10cgr2veracode7cvelist8cve7nvd6redhatcve3