..
Click anywhere to stop
Click anywhere to stop
Detect date
?
|
08/27/2015 |
Severity
?
|
Critical |
Description
|
Multiple serious vulnerabilities have been found in Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or execute arbitrary code. Below is a complete list of vulnerabilities
Technical details (1) can be exploited via a specially designed <canvas> element. Occurs when resize event coacts with style changes which causes recreation of original canvas reference. Normally when user enters the URL to an add-on directly warnings are bypassed because it’s result of direct user action. data: URL could be manipulated to simulate direct user input to exploit (2). Also URL can be spoofed to manipulate user into falsely believing that installation was initiated by trusted site. |
Affected products
|
Mozilla Firefox versions earlier than 40.0.3 |
Solution
|
Update to the latest version |
Original advisories
|
|
Impacts
?
|
ACE [?] DoS [?] SB [?] |
Related products
|
Mozilla Firefox Mozilla Firefox ESR |
CVE-IDS
?
|
|
Find out the statistics of the vulnerabilities spreading in your region |