Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA20113
HistoryDec 13, 2022 - 12:00 a.m.

KLA20113 Multiple vulnerabilities in Mozilla Firefox

2022-12-1300:00:00
Kaspersky Lab
threats.kaspersky.com
65

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

  1. Memory safety vulnerability can be exploited to execute arbitrary code.
  2. Code execution vulnerability in Download Protection can be exploited to execute arbitrary code.
  3. Information disclosure vulnerability in Content process can be exploited to obtain sensitive information.
  4. Security bypass vulnerability in CSP directive can be exploited to bypass security restrictions.
  5. Code execution vulnerability in Drag and Drop can be exploited to execute arbitrary code.
  6. Security UI vulnerability in Fullscreen notification can be exploited to spoof user interface.
  7. Security bypass vulnerability in libusrsctp can be exploited to bypass security restrictions.

Original advisories

MFSA2022-51

Related products

Mozilla-Firefox

CVE list

CVE-2022-46878 critical

CVE-2022-46875 high

CVE-2022-46872 critical

CVE-2022-46873 critical

CVE-2022-46874 critical

CVE-2022-46877 warning

CVE-2022-46879 critical

CVE-2022-46871 critical

Solution

Update to the latest version

Download Firefox

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Mozilla Firefox earlier than 108.0

Related

mozilla 4
ubuntu 3
openvas 24
nessus 52
osv 12
slackware 3
kaspersky 2
altlinux 3
ibm 1
redos 4
gentoo 2
redhat 16
mageia 3
oraclelinux 6
debian 4
almalinux 4
rocky 2
veracode 5
cve 6
debiancve 7
ubuntucve 6
cnvd 3
redhatcve 4
alpinelinux 2
cvelist 8
prion 7
nvd 6
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 108 — Mozilla
2022-12-13 00:00:00
Security Vulnerabilities fixed in Thunderbird 102.6 — Mozilla
2022-12-13 00:00:00
Security Vulnerabilities fixed in Firefox ESR 102.6 — Mozilla
2022-12-13 00:00:00
ubuntu
ubuntu
Firefox regressions
2023-01-10 00:00:00
Firefox vulnerabilities
2022-12-15 00:00:00
Firefox regressions
2023-01-05 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2022-51) - Linux
2022-12-14 00:00:00
Mozilla Firefox Security Advisories (MFSA2022-51, MFSA2022-53) - Mac OS X
2022-12-16 00:00:00
Ubuntu: Security Advisory (USN-5782-2)
2023-01-06 00:00:00
nessus
nessus
Mozilla Firefox < 108.0
2022-12-13 00:00:00
Mozilla Firefox < 108.0
2022-12-13 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5782-1)
2022-12-15 00:00:00
osv
osv
firefox regressions
2023-01-05 13:30:13
firefox regressions
2023-01-10 06:37:50
firefox vulnerabilities
2022-12-15 07:08:35
slackware
slackware
[slackware-security] mozilla-thunderbird
2022-12-14 21:30:37
[slackware-security] mozilla-firefox
2022-12-14 21:30:17
[slackware-security] mozilla-thunderbird
2022-12-22 03:47:13
kaspersky
kaspersky
KLA20115 Multiple vulnerabilities in Mozilla Thunderbird
2022-12-13 00:00:00
KLA20114 Multiple vulnerabilities in Mozilla Firefox ESR
2022-12-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 102.6.0-alt1
2022-12-22 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 102.6.0-alt1
2022-12-23 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 102.6.1-alt1
2022-12-29 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.6ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16
2023-02-15 10:00:54
redos
redos
ROS-20230127-01
2023-01-27 00:00:00
ROS-20230124-04
2023-01-24 00:00:00
ROS-20221229-02
2022-12-29 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple Vulnerabilities
2023-05-03 00:00:00
Mozilla Thunderbird: Multiple Vulnerabilities
2023-05-03 00:00:00
redhat
redhat
(RHSA-2022:9071) Important: firefox security update
2022-12-15 15:40:28
(RHSA-2022:9070) Important: firefox security update
2022-12-15 15:39:55
(RHSA-2022:9069) Important: firefox security update
2022-12-15 15:38:06
mageia
mageia
Updated thunderbird packages fix security vulnerability
2022-12-17 23:37:44
Updated firefox packages fix security vulnerability
2022-12-17 23:37:44
Updated thunderbird packages fix security vulnerability
2022-12-31 01:39:00
oraclelinux
oraclelinux
firefox security update
2022-12-16 00:00:00
firefox security update
2022-12-15 00:00:00
firefox security update
2022-12-16 00:00:00
debian
debian
[SECURITY] [DLA 3242-1] thunderbird security update
2022-12-15 18:22:21
[SECURITY] [DLA 3241-1] firefox-esr security update
2022-12-15 18:16:56
[SECURITY] [DSA 5301-1] firefox-esr security update
2022-12-14 18:15:26
almalinux
almalinux
Important: firefox security update
2022-12-15 00:00:00
Important: firefox security update
2022-12-15 00:00:00
Important: thunderbird security update
2022-12-15 00:00:00
rocky
rocky
firefox security update
2022-12-15 15:32:10
thunderbird security update
2023-01-14 01:54:53
veracode
veracode
Remote Code Execution
2022-12-15 23:25:35
Denial Of Service (DoS)
2022-12-15 23:25:39
Remote Code Execution
2022-12-15 23:25:36
cve
cve
CVE-2022-46879
2022-12-22 20:15:47
CVE-2022-46873
2022-12-22 20:15:46
CVE-2022-46875
2022-12-22 20:15:46
debiancve
debiancve
CVE-2022-46879
2022-12-22 20:15:47
CVE-2022-46873
2022-12-22 20:15:46
CVE-2022-46875
2022-12-22 20:15:46
ubuntucve
ubuntucve
CVE-2022-46873
2022-12-14 00:00:00
CVE-2022-46879
2022-12-14 00:00:00
CVE-2022-46875
2022-12-22 00:00:00
cnvd
cnvd
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2023-05213)
2022-12-19 00:00:00
Mozilla Firefox Injection Vulnerability (CNVD-2023-03055)
2023-01-06 00:00:00
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2023-75349)
2022-12-19 00:00:00
redhatcve
redhatcve
CVE-2022-46875
2022-12-14 16:05:09
CVE-2022-46874
2022-12-14 16:04:59
CVE-2022-46871
2023-01-19 12:05:54
alpinelinux
alpinelinux
CVE-2022-46875
2022-12-22 20:15:46
CVE-2022-46872
2022-12-22 20:15:45
cvelist
cvelist
CVE-2022-46873
2022-12-22 00:00:00
CVE-2022-46879
2022-12-22 00:00:00
CVE-2022-46875
2022-12-22 00:00:00
prion
prion
Code injection
2022-12-22 20:15:00
Memory corruption
2022-12-22 20:15:00
Command injection
2022-12-22 20:15:00
nvd
nvd
CVE-2022-46873
2022-12-22 20:15:46
CVE-2022-46879
2022-12-22 20:15:47
CVE-2022-46875
2022-12-22 20:15:46

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON
Related for KLA20113
mozilla4ubuntu3openvas24nessus52osv12slackware3kaspersky2altlinux3ibm1redos4gentoo2redhat16mageia3oraclelinux6debian4almalinux4rocky2veracode5cve6debiancve7ubuntucve6cnvd3redhatcve4alpinelinux2cvelist8prion7nvd6