7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.579 Medium
EPSS
Percentile
97.7%
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass security restrictions, gain privileges and read/write local files.
Below is a complete list of vulnerabilities:
Technical details
Vulnerability (23) can affect displayed text so that the loaded site will look different from the one which is to be loaded within the adressbar.
Vulnerability (29) occurs because unitialized values are used to create an array.
Vulnerability (31) occurs because in the NSS library the internal state V does not correctly carry bits over.
Vulnerabilities 1-24 are related for Mozilla Firefox ESR before 45.9
Vulnerabilities 1-31 are related for Mozilla Firefox ESR before 52.1
All vulnerabilities are related for Mozilla Firefox.
NB: This vulnerability have no public CVSS rating so rating can be changed by the time.
NB: At this moment Mozilla just reserved CVE numbers for this vulnerabilities. Information can be changed soon.
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
CVE-2016-10197 warning
CVE-2017-5461 critical
CVE-2016-6354 critical
CVE-2017-5433 critical
CVE-2017-5435 critical
CVE-2017-5436 high
CVE-2017-5459 critical
CVE-2017-5466 warning
CVE-2017-5434 critical
CVE-2017-5432 critical
CVE-2017-5460 critical
CVE-2017-5438 critical
CVE-2017-5439 critical
CVE-2017-5440 critical
CVE-2017-5441 critical
CVE-2017-5442 critical
CVE-2017-5464 critical
CVE-2017-5443 critical
CVE-2017-5444 warning
CVE-2017-5446 critical
CVE-2017-5447 high
CVE-2017-5465 high
CVE-2017-5454 warning
CVE-2017-5469 critical
CVE-2017-5445 warning
CVE-2017-5449 warning
CVE-2017-5451 warning
CVE-2017-5462 warning
CVE-2017-5467 warning
CVE-2017-5430 critical
CVE-2017-5429 critical
CVE-2016-10195 critical
CVE-2016-10196 warning
CVE-2017-5448 critical
CVE-2017-5455 warning
CVE-2017-5456 critical
CVE-2017-5450 warning
CVE-2017-5463 warning
CVE-2017-5452 warning
CVE-2017-5453 warning
CVE-2017-5458 warning
CVE-2017-5468 high
Update to the latest versionDownload Mozilla Firefox
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into some inaccessible files. Files that can be read depends on concrete program errors.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading some inaccessible files. Files that can be read depends on conсrete program errors.
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/
threats.kaspersky.com/en/product/Mozilla-Firefox/
www.mozilla.org/en-US/security/advisories/mfsa2017-10/
www.mozilla.org/en-US/security/advisories/mfsa2017-11/
www.mozilla.org/en-US/security/advisories/mfsa2017-12/
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.579 Medium
EPSS
Percentile
97.7%