KLA10852 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

2016-08-02 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 10 High (Confidence: High)

EPSS: 0.052 Low (Percentile: 93.0%)

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface, bypass security restrictions, conduct cross-site scripting or read local files.

Below is a complete list of vulnerabilities:

  1. Improper network connection handling can be exploited remotely via traffic overview to obtain sensitive information;
  2. Multiple unknown vulnerabilities in the browser engine can be exploited remotely to cause denial of service or possibly execute arbitrary code;
  3. A buffer overflow vulnerability in the ClearKey Content Decryption Module can be exploited remotely via a specially designed video to execute arbitrary code;
  4. A buffer overflow can be exploited remotely via a specially designed SVG document to execute arbitrary code;
  5. Improper cairo calls can be exploited remotely via a specially designed video to cause denial of service;
  6. Lack of restrictions can be exploited remotely via specially designed API calls to obtain sensitive information;
  7. An unknown vulnerability can be exploited remotely via a specially designed URL to spoof user interface;
  8. A buffer overflow can be exploited remotely via specially designed graphics to execute arbitrary code;
  9. An unknown vulnerability in the Updater can be exploited locally via vectors related to the callback application-path parameter and a hard link to write arbitrary files;
  10. A use-after-free vulnerability can be exploited via vectors related to the keyboard to cause denial of service or execute arbitrary code;
  11. A use-after-free vulnerability can be exploited via specially designed JavaScript to execute arbitrary code;
  12. A use-after-free in WebRTC can be exploited remotely to execute arbitrary code;
  13. A use-after-free vulnerability can be exploited remotely via a specially designed script to execute arbitrary code;
  14. Improper handling of input types in the Sessions Manager can be exploited via session restoration file reading to obtain sensitive information;
  15. An integer overflow in WebSocket can be exploited remotely via specially designed packets to cause denial of service or execute arbitrary code;
  16. Lack of restrictions can be exploited via a specially designed web site to conduct cross-site scripting;
  17. Improper handling of rendering display transformation can be exploited remotely via a specially designed web site to execute arbitrary code;
  18. A use-after-free vulnerability can be exploited remotely via a specially designed SVG element to cause denial of service or execute arbitrary code;
  19. An unknown vulnerability can be exploited by user-assisted remote attackers via file manipulation to bypass security restrictions, conduct a universal cross-site scripting attack or read arbitrary files;
  20. Lack of drag-n-drop restrictions can be exploited via a specially designed web site to access local files;
  21. An unknown vulnerability can be exploited remotely via special characters to spoof user interface;
  22. Improper flags handling can be exploited via a specially designed URL to spoof user interface.

Technical details

Vulnerability №2 can be exploited via vectors related to Http2Session::Shutdown, SpdySession31::Shutdown, and other vectors.

Vulnerability №3 can be exploited via malformed video and a Gecko Media Plugin (GMP) sandbox bypass.

Vulnerability №4 is caused by a heap-based buffer overflow in the nsBidi::BracketData::AddOpening function.

Vulnerability №5 is related to cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10.

Vulnerability №8 is caused by a stack-based buffer underflow in the mozilla::gfx::BasePoint4d function.

Vulnerability №10 is related to the nsXULPopupManager::KeyDown function.

Vulnerability №11 is related to the js::PreliminaryObjectArray::sweep function.

Vulnerability №12 is related to the WebRTC socket thread.

Vulnerability №13 is related to the CanonicalizeXPCOMParticipant function.

Vulnerability №14 is caused by mishandling changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session.

Vulnerability №15 can be exploited via packets that trigger incorrect buffer-resize operations during buffering.

Vulnerability №16 is related to the processing of JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value.

Vulnerability №17 is related to the nsDisplayList::HitTest function, which mishandles rendering display transformation.

Vulnerability №18 is related to the nsNodeUtils::NativeAnonymousChildListChange function.

Vulnerability №20 is caused by unrestricted drag-and-drop (aka dataTransfer) actions for file: URIs.

Vulnerability №21 can be exploited via left-to-right characters in conjunction with a right-to-left character set. (Android)

Vulnerability №22 is caused by improper handling of the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags.

Original advisories

Mozilla Foundation Security Advisories page

Related products

Mozilla-Firefox

Mozilla-Firefox-ESR

CVE list

CVE-2016-5250 warning

CVE-2016-5261 critical

CVE-2016-2830 warning

CVE-2016-2835 high

CVE-2016-2836 high

CVE-2016-2837 high

CVE-2016-2838 high

CVE-2016-2839 warning

CVE-2016-5251 warning

CVE-2016-5252 high

CVE-2016-5253 warning

CVE-2016-5254 critical

CVE-2016-5255 high

CVE-2016-5258 high

CVE-2016-5259 high

CVE-2016-5260 warning

CVE-2016-5262 warning

CVE-2016-5263 high

CVE-2016-5264 high

CVE-2016-5265 warning

CVE-2016-5266 high

CVE-2016-5267 warning

CVE-2016-5268 warning

Solution

Update to the latest version

Get Mozilla Firefox

Get Mozilla Firefox ESR

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an attacker executing any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an attacker capturing information that is critical for the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • RLF

Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading otherwise inaccessible files. Which files can be read depends on the concrete program errors.

  • XSS/CSS

Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that beguile the user into inaccurate behavior.

Affected Products

  • Firefox versions earlier than 48.0
  • Firefox ESR versions earlier than 45.3
