Kaspersky LabKLA10120KLA10120 Multiple vulnerabilities in Mozilla
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.048 Low
EPSS
Percentile
92.7%
Multiple critical vulnerabilities have been found in Mozilla products. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, bypass security restrictions or gain privileges. Below is a complete list of vulnerabilities
- Vectors related to the SVG filter can be exploited remotely via timing attacks;
- Multiple unknown vulnerabilities can be exploited remotely via unknown vectors;
- Vectors related to unknown applications can be exploited locally via update content manipulations;
- Vectors related to DecodeAudioData can be exploited remotely via a specially designed WAV file;
- Vectors related to MathML polygon rendering can be exploited remotely via unknown applications;
- A buffer overflow can be exploited remotely via a specially designed extension.
Original advisories
Related products
CVE list
CVE-2014-1508 high
CVE-2014-1497 high
CVE-2014-1496 warning
CVE-2014-1494 critical
CVE-2014-1509 high
CVE-2014-1505 warning
CVE-2014-1493 critical
Solution
Update to latest versionSeamonkeyFirefox
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Mozilla Firefox versions 27.0.1 and earlierWaterfox Firefox versions 27.0.1 and earlierMozilla Firefox ESR versions 24.3 and earlierMozilla Thunderbird versions 24.3 and earlierMozilla Seamonkey versions 2.24 and earlierCometBird all versions
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.048 Low
EPSS
Percentile
92.7%