Kaspersky Threats

Solutions for:

Kaspersky ID:

KLA10732

Detect Date:

12/22/2015

Updated:

01/22/2024

Description

Lack of security enforcement was found in Mozilla Firefox. By exploiting this vulnerability malicious users can conduct man-in-the-middle attack. This vulnerability can be exploited remotely via a collision-based attacks.

Technical details

This vulnerability caused by not rejecting MD5 signatures in TLS 1.2 Handshake Protocol traffic.

Original advisories

Mozilla advisory

CVE list

CVE-2015-7575
warning

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Kaspersky ID:

KLA10732

Detect Date:

12/22/2015

Updated:

01/22/2024

Severity

warning

Solution

Update to the latest version
Download Firefox ESR
Download Firefox

Impacts

OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

LoI

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Affected products

Firefox versions earlier than 43.0.2
Firefox ESR versions earlier than 38.5.2

Kaspersky Next

Let’s go Next: redefine your business’s cybersecurity

Learn more

New Kaspersky!

Your digital life deserves complete protection!

Learn more

Confirm changes?

Your message has been sent successfully.

Security bypass vulnerability in Mozilla Firefox and Firefox ESR

Description

Original advisories

Related products

CVE list

Read more