DIESER SERVICE KANN ÜBERSETZUNGEN VON GOOGLE ENTHALTEN. GOOGLE ÜBERNIMMT KEINERLEI VERANTWORTUNG FÜR DIE ÜBERSETZUNGEN. DARUNTER FÄLLT JEGLICHE VERANTWORTUNG IN BEZUG AUF RICHTIGKEIT UND ZUVERLÄSSIGKEIT SOWIE JEGLICHE STILLSCHWEIGENDEN GEWÄHRLEISTUNGEN DER MARKTGÄNGIGKEIT, NICHT-VERLETZUNG VON RECHTEN DRITTER ODER DER EIGNUNG FÜR EINEN BESTIMMTEN ZWECK. Die Website von Kaspersky Lab wurde für Ihre Bequemlichkeit mithilfe einer Übersetzungssoftware von Google Translate übersetzt. Es wurden angemessene Bemühungen für die Bereitstellung einer akkuraten Übersetzung unternommen. Bitte beachten Sie, dass automatisierte Übersetzungen nicht perfekt sind und menschliche Übersetzer in keinem Fall ersetzen sollen. Übersetzungen werden den Nutzern der Kaspersky-Lab-Website als Service und "wie sie sind" zur Verfügung gestellt. Die Richtigkeit, Zuverlässigkeit oder Korrektheit jeglicher Übersetzungen aus dem Englischen in eine andere Sprache wird weder ausdrücklich noch stillschweigend garantiert. Einige Inhalte (z. B. Bilder, Videos, Flash, usw.) können aufgrund der Einschränkungen der Übersetzungssoftware möglicherweise nicht inhaltsgetreu übersetzt werden.
Lösungen für:
Privatanwender
Unternehmen
Unternehmen
Unternehmen
Schwachstellen Bedrohungen
Home Schwachstellen

Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Kaspersky ID:
KLA11082
Erkennungsdatum:
08/08/2017
Aktualisiert:
03/29/2019

Beschreibung

Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, privilege escalation, spoof user interface, bypass security restrictions, obtain sensitive information and execute arbitrary code.

Below is complete list of vulnerabilities:

  1. A XUL injection vulnerability in the Developer Tools can be exploited remotely by opening a specially designed page in the style editor tool to execute arbitrary code;
  2. A use-after-free vulnerability related to Websocket connection holding objects can be exploited remotely to cause a denial of service;
  3. A use-after-free vulnerability related to re-computing layout for a marquee element during window resizing can be exploited remotely to cause a denial of service;
  4. A use-after-free vulnerability related to tree traversal with prematurely deleted editor DOM node can be exploited to cause a denial of service;
  5. A use-after-free vulnerability related to reading an image observer during frame reconstruction can be exploited to cause a denial of service;
  6. A use-after-free vulnerability related to image element resizing can be exploited to cause a denial of service;
  7. A buffer overflow vulnerability related to Accessible Rich Internet Applications (ARIA) attributes can be exploited to cause a denial of service;
  8. A buffer overflow vulnerability which occur when the image renderer attempts to paint non-displayable SVG elements can be exploited remotely to cause a denial of service;
  9. An out-of-bounds read vulnerability related to cached style data and pseudo-elements can be exploited remotely possibly to cause a denial of service or obtain sensitive information;
  10. An improper handling of bypassing the same-origin policy protections can be exploited remotely via embedded iframes while page reloads to obtain sensitive information;
  11. A vulnerability related to the AppCache can be exploited remotely possibly to bypass security restrictions and obtain sensitive information;
  12. A buffer overflow vulnerability related to certificate manager can be exploited remotely via a specially designed certificate to cause a denial of service;
  13. A vulnerability in the destructor function for the WindowsDllDetourPatcher can be exploited remotely via specially designed code in concern with another vulnerabilities to bypass security restrictions;
  14. An unspecified vulnerability in the data: protocol can be exploited remotely via pages containing an iframe to spoof user interface;
  15. An improper memory allocation in WindowsDllDetourPatcher function can be exploited remotely to execute arbitrary code;
  16. A vulnerability related to content security policy (CSP) component can be exploited remotely via specially designed web page to bypass security restrictions;
  17. A use-after-free vulnerability related to specific SVG content rendering done by layer manager can be exploited remotely to cause a denial of service;
  18. A vulnerability related to content security policy (CSP) component can be exploited remotely to obtain sensitive information;
  19. A vulnerability related to elliptic curve point addition algorithm can be exploited remotely with an unknown impact;
  20. An unspecified vulnerability in sandbox broker can be exploited remotely via a compromised content process to gain privileges;
  21. An improper satitizing of JavaScript assigned to innerHTML in the about:webrtc page can be exploited remotely to perform coss-site scripting;
  22. An incorrect handling of long username/password combination in a site URL can be exploited remotely via a specially designed URL to cause a denial of service;
  23. A vulnerability related to sandboxed about:srcdoc iframes can be exploited remotely to bypass security (CSP – Content Security Policy) restrictions;
  24. A vulnerability related to STS Header Handler component can be exploited remotely to gain privileges;
  25. An improper handling of some non-null-terminated registry values in Crash Reporter component can be exploited locally to obtain private sensitive information;
  26. An unspecified vulnerability in Windows updater can be exploited locally to delete files named „update.log“;
  27. A vulnerability related to response header name interning can be exploited remotely to bypass same-origin restrictions;
  28. Multiple memory corruption vulnerabilities which occur because of memory safety bugs can be exploited remotely to execute arbitrary code.

Technical details

Vulnerability (1) occurs because of improper sanitization of the web page source code.

In case of vulnerability (12), denial of service occurs during at attempt of viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID).

Vulnerability (13) allows malicious users to write arbitrary data to the special location in memory controlled by them.

Vulnerability (13), (15), (25), (26) affect Windows operating systems only.

Vulnerability (15) exists because of error which occurs because of violation of DEP protection – RWX (Read/Write/Execute) block is allocated but never protected.

Vulnerability (19) exists because an algorithm uses mixed Jacobian-affine coordinates which can return a result POINT_AT_INFINITY, which leads to an attacked party computing an incorrect shared secret.

Vulnerability (20) affects Linux-based operating systems only.

Vulnerability (20) exists because the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.

In case of vulnerability (21), data on about:webrtc page is supplied by WebRTC usage and is not under third-party control.

In case of vulnerability (24), if a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.

Vulnerabilities 1-16 are related to Mozilla Firefox ESR.

All vulnerabilities are related to Mozilla Firefox.

NB: These vulnerabilities do not have any public CVSS rating, so rating can be changed by the time.

NB: At this moment Mozilla has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.

Ursprüngliche Informationshinweise

CVE Liste

  • CVE-2017-7786
    critical
  • CVE-2017-7753
    critical
  • CVE-2017-7787
    critical
  • CVE-2017-7807
    critical
  • CVE-2017-7792
    critical
  • CVE-2017-7804
    critical
  • CVE-2017-7791
    critical
  • CVE-2017-7782
    critical
  • CVE-2017-7803
    critical
  • CVE-2017-7779
    critical
  • CVE-2017-7800
    critical
  • CVE-2017-7801
    critical
  • CVE-2017-7809
    critical
  • CVE-2017-7784
    critical
  • CVE-2017-7802
    critical
  • CVE-2017-7785
    critical
  • CVE-2017-7798
    critical
  • CVE-2017-7806
    critical
  • CVE-2017-7808
    critical
  • CVE-2017-7781
    critical
  • CVE-2017-7794
    critical
  • CVE-2017-7799
    critical
  • CVE-2017-7783
    critical
  • CVE-2017-7788
    critical
  • CVE-2017-7789
    critical
  • CVE-2017-7790
    critical
  • CVE-2017-7796
    critical
  • CVE-2017-7797
    critical
  • CVE-2017-7780
    critical

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com

Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!
Neu: Kaspersky!
Dein digitales Leben verdient umfassenden Schutz!
Erfahren Sie mehr
Kaspersky Next
Let´s go Next: Cybersicherheit neu gedacht
Erfahren Sie mehr
Related articles
24 April 2024
Securelist
Assessing the Y, and How, of the XZ Utils incident
22 April 2024
Securelist
ToddyCat is making holes in your infrastructure
18 April 2024
Securelist
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
17 April 2024
Securelist
SoumniBot: the new Android banker’s unique techniques
15 April 2024
Securelist
Using the LockBit builder to generate targeted ransomware
12 April 2024
Securelist
XZ backdoor story – Initial analysis
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden?
Falls Sie eine neue Bedrohung oder Schwachstelle gefunden haben, können Sie uns dies gerne per Mail mitteilen.
newvirus@kaspersky.com
Sie haben eine neue Bedrohung oder Schwachstelle gefunden?
Falls Sie eine neue Bedrohung oder Schwachstelle gefunden haben, können Sie uns dies gerne per Mail mitteilen.
newvirus@kaspersky.com
Lösungen für
Privatanwender
Unternehmen
Unternehmen
Unternehmen
Select language
Sorting
Kaspersky ID
Schwachstellen
Detect date
Schweregrad
Confirm changes?
Your message has been sent successfully.