CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score: 7.9 High (Confidence: Low)
EPSS: 0.245 Low (Percentile: 96.7%)
Multiple serious vulnerabilities have been found in Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or execute arbitrary code.
Below is a complete list of vulnerabilities
Technical details
Vulnerability (1) can be exploited via a specially crafted <canvas> element. It occurs when a resize event interacts with style changes, which causes the original canvas reference to be recreated.
Normally, when a user enters the URL of an add-on directly, warnings are bypassed because the installation is the result of a direct user action. A data: URL could be manipulated to simulate direct user input in order to exploit (2). The URL can also be spoofed to make the user falsely believe that the installation was initiated by a trusted site.
CVE-2015-4498 critical
CVE-2015-4497 critical
Update to the latest version of Firefox.
Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute arbitrary code or commands on the vulnerable machine or in the vulnerable process.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.