Kaspersky Threats

Detect date

?

12/03/2019

Severity

?

High

Description

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

Incorrectly image loading vulnerability in Mozilla Firefox can be exploited remotely via specially designed website to obtain sensitive information
Race condition vulnerability in Resist Fingerprinting can be exploited remotely via specially designed website to cause denial of service;
Stack corruption due to incorrect number of arguments in WebRTC code can be exploited remotely via specially designed website to cause denial of service;
Use-after-free vulnerability in SFTKSession object can be exploited remotely via specially designed website to cause denial of service;
Incorrect temporary files access configuration of Mozilla updater service can be exploited locally to bypass security restrictions;
Use-after-free vulnerability in DocShell can be exploited remotely via specially designed website to cause denial of service;
Buffer overflow vulnerability in plain Firefox text serializer can be exploited remotely via specially designed website to cause denial of service;
Use-after-free vulnerability in worker destruction can be exploited remotely via specially designed website to cause denial of service;
Out of bounds write vulnerability in NSS can be exploited remotely via specially designed website to cause denial of service;

Affected products

Mozilla Firefox earlier than 71

Solution

Update to the latest version
Download Mozilla Firefox

Original advisories

mfsa2019-36

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

Detect date ?	12/03/2019
Severity ?	High
Description	Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: Incorrectly image loading vulnerability in Mozilla Firefox can be exploited remotely via specially designed website to obtain sensitive information Race condition vulnerability in Resist Fingerprinting can be exploited remotely via specially designed website to cause denial of service; Stack corruption due to incorrect number of arguments in WebRTC code can be exploited remotely via specially designed website to cause denial of service; Use-after-free vulnerability in SFTKSession object can be exploited remotely via specially designed website to cause denial of service; Incorrect temporary files access configuration of Mozilla updater service can be exploited locally to bypass security restrictions; Use-after-free vulnerability in DocShell can be exploited remotely via specially designed website to cause denial of service; Buffer overflow vulnerability in plain Firefox text serializer can be exploited remotely via specially designed website to cause denial of service; Use-after-free vulnerability in worker destruction can be exploited remotely via specially designed website to cause denial of service; Out of bounds write vulnerability in NSS can be exploited remotely via specially designed website to cause denial of service;
Affected products	Mozilla Firefox earlier than 71
Solution	Update to the latest version Download Mozilla Firefox
Original advisories	mfsa2019-36
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?]
Related products	Mozilla Firefox
CVE-IDS ?	CVE-2019-170144.3Warning CVE-2019-170126.8High CVE-2019-170105.1High CVE-2019-170136.8High CVE-2019-137224.3Warning CVE-2019-117566.8High CVE-2019-170094.6Warning CVE-2019-170115.1High CVE-2019-170056.8High CVE-2019-170086.8High CVE-2019-117456.8High
	Find out the statistics of the vulnerabilities spreading in your region

KLA11611Multiple vulnerabilities in Mozilla Firefox

KLA11611
Multiple vulnerabilities in Mozilla Firefox