Kaspersky LabKLA11942KLA11942 Multiple vulnerabilities in Mozilla Firefox
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.2%
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, spoof user interface.
Below is a complete list of vulnerabilities:
- MediaError Message vulnerability can be exploited to security bypass restrictions and obtain sensitive information.
- Data Race vulnerability can be exploited to security bypass restrictions and cause denial of service.
- Converting coordinates vulnerability can be exploited to bypass security restrictions.
- Elevation of privilege vulnerability on Windows can be exploited to bypass security restrictions, gain privileges and execute arbitrary code.
- Security UI vulnerability in address bar can be exploited to perform domain spoofing.
- Security UI vulnerability in eval() function can be exploited to spoof user interface and execute arbitrary code.
- ECDSA signature generation vulnerability can be exploited to security bypass restrictions.
- Memory safety vulnerabilities can be exploited to execute arbitrary code.
- EC scalar point multiplication vulnerability can be exploited to obtain sensitive information.
- Heap overflow vulnerability can be exploited to potentially cause denial of service and execute arbitrary code.
Original advisories
Related products
CVE list
CVE-2020-15666 high
CVE-2020-15668 warning
CVE-2020-12400 warning
CVE-2020-15663 critical
CVE-2020-15665 warning
CVE-2020-15664 high
CVE-2020-12401 warning
CVE-2020-15670 critical
CVE-2020-6829 high
CVE-2020-15667 critical
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Mozilla Firefox earlier than 80
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.2%