Kaspersky LabKLA12374KLA12374 Multiple vulnerabilities in Mozilla Firefox
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.0%
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof user interface, perform cross-site scripting attack, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code.
Below is a complete list of vulnerabilities:
- Security UI vulnerability can be exploited to spoof user interface.
- Cross-site scripting (XSS) vulnerability for Android can be exploited to perform cross-site scripting attack.
- Information disclosure vulnerability in XMLHttpRequest can be exploited to obtain sensitive information.
- Denial of service vulnerability in Location API can be exploited to cause denial of service.
- Information disclosure vulnerability in asynchronous function can be exploited to obtain sensitive information.
- Security bypass vulnerability in CSP sandbox directive can be exploited to bypass security restrictions.
- Heap buffer overflow vulnerability in structured clone can be exploited to cause denial of service.
- Use after free vulnerability in GC can be exploited to cause denial of service.
- Security UI vulnerability in full screen and pointer lock can be exploited to spoof user interface.
- Security UI vulnerability in cursor can be exploited to spoof user interface.
- Security bypass vulnerability in WebExtensions can be exploited to bypass security restrictions.
- Use after free vulnerability in fullscreen objects on MacOS can be exploited to cause denial of service.
- Memory safety vulnerability can be exploited to execute arbitrary code.
Original advisories
Related products
CVE list
CVE-2021-43541 high
CVE-2021-43544 high
CVE-2021-43542 high
CVE-2021-43545 high
CVE-2021-43536 high
CVE-2021-43543 high
CVE-2021-43537 critical
CVE-2021-43539 critical
CVE-2021-43538 warning
CVE-2021-43546 warning
CVE-2021-43540 high
CVE-2021-4128 high
CVE-2021-4129 critical
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- XSS/CSS
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Mozilla Firefox earlier than 95
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.0%