Kaspersky LabKLA11546KLA11546 Multiple vulnerabilities in Mozilla Firefox
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.9%
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, gain privileges, obtain sensitive information.
Below is a complete list of vulnerabilities:
- A vulnerability can be exploited remotely to execute arbitrary code;
- Multiple use-after-free vulnerabilities can be exploited remotely to cause denial of service;
- A vulnerability can be exploited remotely to perform cross-site scripting attacks;
- A type confusion vulnerability can be exploited to cause denial of service;
- A sandbox escape vulnerability can be exploited to bypass security restrictions;
- A same-origin policy violation vulnerability can be exploited to bypass security restrictions;
- Multiple race condition vulnerabilities in Mozilla Maintenance Service can be exploited to gain privileges;
- Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code;
- A vulnerability in WebRTC can be exploited to bypass security restrictions;
- An out-of-bounds read vulnerability in Skia can be exploited to obtain sensitive information;
- A cross-origin access vulnerability can be exploited to bypass security restrictions;
Original advisories
Related products
CVE list
CVE-2019-11751 high
CVE-2019-11752 critical
CVE-2019-11735 high
CVE-2019-11746 high
CVE-2019-9812 high
CVE-2019-11750 warning
CVE-2019-11742 warning
CVE-2019-11738 high
CVE-2019-11749 warning
CVE-2019-11753 warning
CVE-2019-11736 warning
CVE-2019-11748 warning
CVE-2019-11740 high
CVE-2019-11747 warning
CVE-2019-11744 warning
CVE-2019-11743 warning
CVE-2019-11734 critical
CVE-2019-11741 warning
CVE-2019-11737 warning
CVE-2019-5849 high
CVE-2019-11758 high
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
- XSS/CSS
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Mozilla Firefox earlier than 69
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.9%