Kaspersky LabKLA11628KLA11628 Multiple vulnerabilities in Mozilla Firefox
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.5%
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attack.
Below is a complete list of vulnerabilities:
- ACE vulnerability on Windows can be exploited locally.
- Memory corruption vulnerability can be exploited locally to execute arbitrary code.
- Memory corruption vulnerability on Windows can be exploited locally to obtain sensitive information.
- Bypass security vulnerability can be exploited locally to obtain sensitive information.
- Type confusion vulnerability can be exploited locally to execute arbitrary code.
- Bypass security vulnerability can be exploited locally to use lower protocol that TLS 1.3.
- CSS sanitization vulnerability can be exploited locally.
- Bypass security vulnerability on Windows can be exploited locally to obtain sensitive information.
- Memory corruption vulnerability on Windows can be exploited locally to cause denial of service.
Original advisories
Related products
CVE list
CVE-2019-17019 high
CVE-2019-17024 high
CVE-2019-17021 warning
CVE-2019-17016 warning
CVE-2019-17017 high
CVE-2019-17025 high
CVE-2019-17023 warning
CVE-2019-17022 warning
CVE-2019-17020 warning
CVE-2019-17018 warning
CVE-2019-17015 high
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- XSS/CSS
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Mozilla Firefox earlier than 72
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.5%