Kaspersky LabKLA68921KLA68921 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information, perform cross-site scripting attack.
Below is a complete list of vulnerabilities:
- Security vulnerability when using the βSave Asβ functionality can be exploited to bypass security restrictions.
- Use after free vulnerability in JavaScript object transplant can be exploited to cause denial of service or execute arbitrary code.
- Heap buffer overflow vulnerability can be exploited to cause denial of service.
- Information disclosure vulnerability in Offscreen Canvas can be exploited to obtain sensitive information.
- Information disclosure vulnerability can be exploited to obtain sensitive information.
- Security vulnerability can be exploited to bypass security restrictions.
- Π‘orrupt memory leading vulnerability in Text Fragments can be exploited to a potentially exploitable crash.
- Use after free vulnerability in JavaScript Strings can be exploited to cause denial of service or execute arbitrary code.
- Π‘orrupt memory leading vulnerability can be exploited to cause denial of service.
- Cross-site scripting (XSS) vulnerability in cookie prefixes can be exploited to perform cross-site scripting attack.
- Information disclosure vulnerability in Screenshot functionality in Firefox can be exploited to obtain sensitive information.
- Memory safety vulnerability can be exploited to execute arbitrary code.
Original advisories
Related products
CVE list
CVE-2024-5692 unknown
CVE-2024-5688 unknown
CVE-2024-5700 unknown
CVE-2024-5693 unknown
CVE-2024-5690 unknown
CVE-2024-5691 unknown
CVE-2024-5696 unknown
CVE-2024-5694 unknown
CVE-2024-5695 unknown
CVE-2024-5687 unknown
CVE-2024-5698 unknown
CVE-2024-5699 unknown
CVE-2024-5697 unknown
CVE-2024-5701 unknown
CVE-2024-5689 unknown
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- XSS/CSS
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
Affected Products
- Mozilla Firefox earlier than 127.0
Related
