7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.935 High
EPSS
Percentile
99.1%
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, make code injection, run arbitrary code, bypass security restrictions, cause a denial of service.
Below is a complete list of vulnerabilities
Technical details
Vulnerability (5) can be caused by using insecure methods of creating a communication channel for copying and viewing JSON or HTTP headers data.
Vulnerability (12) can be caused by modifying the CSP headers with the appropriate permissions and using host requests to redirect script loads to a malicious site.
By exploiting vulnerability (13) remote attacker can save certificate content in unsafe locations with an arbitrary filename.
Vulnerability (17) can be caused by a series of JavaScript events combined with fullscreen mode or scrolling out of the existing location bar on the new page.
Vulnerability (18) can be caused by web content using pages that can load privileged about: pages in an iframe.
Vulnerability (22) can be caused by sending of large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems.
Vulnerabilities 10-22 are only for Mozilla Firefox.
NB: This vulnerability have no public CVSS rating so rating can be changed by the time.
NB: At this moment Mozilla just reserved CVE numbers for this vulnerabilities. Information can be changed soon.
Public exploits exist for this vulnerability.
CVE-2017-5375 critical
CVE-2017-5376 critical
CVE-2017-5378 warning
CVE-2017-5380 critical
CVE-2017-5390 critical
CVE-2017-5396 critical
CVE-2017-5383 warning
CVE-2017-5373 critical
CVE-2017-5377 critical
CVE-2017-5379 warning
CVE-2017-5389 high
CVE-2017-5381 warning
CVE-2017-5382 warning
CVE-2017-5384 warning
CVE-2017-5385 warning
CVE-2017-5386 critical
CVE-2017-5394 high
CVE-2017-5391 critical
CVE-2017-5392 critical
CVE-2017-5393 warning
CVE-2017-5395 warning
CVE-2017-5387 warning
CVE-2017-5388 warning
CVE-2017-5374 critical
Update to latest versionMozilla Firefox
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into some inaccessible files. Files that can be read depends on concrete program errors.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.935 High
EPSS
Percentile
99.1%