Kaspersky LabKLA12193KLA12193 Multiple vulnerabilities in Mozilla Firefox
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.7%
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, spoof user interface, execute arbitrary code, cause denial of service.
Below is a complete list of vulnerabilities:
- A security bypass vulnerability in private browsing mode on Android can be exploited to bypass security restrictions.
- A spoofing vulnerability in password manager on Android can be exploited to perform domain spoofing and obtain sensitive information.
- A memory safety vulnerability can be exploited to execute arbitrary code.
- A security bypass vulnerability can be exploited to bypass security restrictions.
- A denial of service vulnerability in popups on Android can be exploited to cause denial of service.
- A security bypass vulnerability in private browsing mode can be exploited to bypass security restrictions.
- A security UI vulnerability can be exploited to spoof user interface.
- An out of bounds read vulnerability can be exploited to obtain sensitive information or cause denial of service.
Original advisories
Related products
CVE list
CVE-2021-29963 warning
CVE-2021-29965 high
CVE-2021-29967 critical
CVE-2021-29959 warning
CVE-2021-29962 warning
CVE-2021-29960 warning
CVE-2021-29961 warning
CVE-2021-29966 critical
CVE-2021-29964 high
KB list
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Mozilla Firefox earlier than 89
References
support.microsoft.com/kb/4011698
support.microsoft.com/kb/5001922
support.microsoft.com/kb/5001934
support.microsoft.com/kb/5001939
support.microsoft.com/kb/5001942
support.microsoft.com/kb/5001943
support.microsoft.com/kb/5001944
support.microsoft.com/kb/5001945
support.microsoft.com/kb/5001946
support.microsoft.com/kb/5001947
support.microsoft.com/kb/5001950
support.microsoft.com/kb/5001951
support.microsoft.com/kb/5001953
support.microsoft.com/kb/5001954
support.microsoft.com/kb/5001955
support.microsoft.com/kb/5001956
support.microsoft.com/kb/5001962
support.microsoft.com/kb/5001963
statistics.securelist.com/
threats.kaspersky.com/en/product/Mozilla-Firefox/
www.mozilla.org/en-US/security/advisories/mfsa2021-23/
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.7%