Lucene search

Kaspersky LabKLA12520

HistoryMay 03, 2022 - 12:00 a.m.

KLA12520 Multiple vulnerabilities in Mozilla Firefox

2022-05-0300:00:00

Kaspersky Lab

threats.kaspersky.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.4%

JSON

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

Memory safety vulnerability can be exploited to execute arbitrary code.
An elevation of privilege vulnerability in iframe Sandbox can be exploited remotely to gain privileges.
Bypassing permission prompt in nested browsing contexts can be exploited to bypass security restrictions.
Leaking cross-origin redirect can be exploited to bypass security restrictions.
Fullscreen notification bypass using popups can be exploited to spoof user interface.
Security vulnerability in reader mode can be exploited to bypass security restrictions.
Security vulnerability can be exploited to bypass security restrictions.
Leaking browser history with CSS variables can be exploited to obtain sensitive information.

Original advisories

MFSA2022-16

Related products

Mozilla-Firefox

CVE list

CVE-2022-29917 critical

CVE-2022-29911 high

CVE-2022-29909 critical

CVE-2022-29915 warning

CVE-2022-29914 high

CVE-2022-29918 critical

CVE-2022-29912 high

CVE-2022-29910 high

CVE-2022-29916 high

Solution

Update to the latest version

Download Firefox

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.