10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
10 High
AI Score
Confidence
High
0.122 Low
EPSS
Percentile
95.4%
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges, execute arbitrary code, perform XSS attacks and bypass security restrictions. Below is a complete list of vulnerabilities:
Technical details
Vulnerabilities (6)-(15) and (17)-(19), (21), (22) only affects Mozilla Firefox;
Vulnerability (20) only affects Mozilla Firefox ESR;
Vulnerability (16) only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems.
NB: At this moment Mozilla has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.
Mozilla Foundation Security Advisory 2018-11
Mozilla Foundation Security Advisory 2018-12
Public exploits exist for this vulnerability.
CVE-2018-5154 critical
CVE-2018-5155 critical
CVE-2018-5157 warning
CVE-2018-5158 high
CVE-2018-5159 critical
CVE-2018-5160 warning
CVE-2018-5152 warning
CVE-2018-5153 warning
CVE-2018-5163 high
CVE-2018-5164 warning
CVE-2018-5166 warning
CVE-2018-5167 warning
CVE-2018-5168 warning
CVE-2018-5169 warning
CVE-2018-5172 warning
CVE-2018-5173 warning
CVE-2018-5174 warning
CVE-2018-5175 warning
CVE-2018-5176 warning
CVE-2018-5177 warning
CVE-2018-5165 warning
CVE-2018-5180 warning
CVE-2018-5181 warning
CVE-2018-5182 warning
CVE-2018-5151 critical
CVE-2018-5150 critical
CVE-2018-5183 critical
CVE-2018-5178 high
CVE-2018-5179 warning
Update to the latest versionDownload Mozilla Firefox
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
10 High
AI Score
Confidence
High
0.122 Low
EPSS
Percentile
95.4%