Detect date
?
|
09/28/2017 |
Severity
?
|
Critical |
Description
|
Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information and perform cross-site scripting. Below is complete list of vulnerabilities:
Technical details Vulnerability (2) only affects Firefox for Android. Other operating systems are not affected. Vulnerability (3) occurs in design mode while resizing images. Vulnerability (7) only affects OS X operating system. Other operating systems are not affected. Vulnerability (14) only affects Firefox for Android. Other operating systems are not affected. Vulnerability (15) only affects installations with e10 multiprocess turned off. Vulnerabilities 1-9 are related to Mozilla Firefox ESR. All vulnerabilities are related to Mozilla Firefox. NB: Not every vulnerability already has CVSS rating, so cumulative CVSS rating can be not representative. NB: This vulnerability does not have any public CVSS rating, so rating can be changed by the time. NB: At this moment Mozilla has just reserved CVE numbers for these vulnerabilities. Information can be changed soon. |
Affected products
|
Mozilla Firefox versions earlier than 56 |
Solution
|
Update to the latest version |
Original advisories
|
|
Impacts
?
|
ACE [?] OSI [?] DoS [?] SB [?] RLF [?] XSS/CSS [?] SUI [?] |
Related products
|
Mozilla Firefox Mozilla Firefox ESR |
CVE-IDS
?
|
CVE-2017-77939.8Critical
CVE-2017-78189.8Critical CVE-2017-78199.8Critical CVE-2017-78249.8Critical CVE-2017-78057.5Critical CVE-2017-78147.8Critical CVE-2017-78255.3High CVE-2017-78235.4High CVE-2017-78109.8Critical CVE-2017-78175.0Critical CVE-2017-78125.0Critical CVE-2017-78136.4High CVE-2017-78155.0Critical CVE-2017-78165.0Critical CVE-2017-78217.5Critical CVE-2017-78225.0Critical CVE-2017-78205.0Critical CVE-2017-78119.8Critical |