Kaspersky Threats

Detect date

?

02/23/2021

Severity

?

High

Description

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof user interface, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

A pointer operation vulnerability can be exploited to cause denial of service.
A security bypass vulnerability can be exploited to bypass security restrictions.
A HTTP Auth phishing vulnerability can be exploited to obtain sensitive information.
OSI vulnerability in MediaError message property can be exploited to obtain sensitive information.
A memory safety vulnerability can be exploited to execute arbitrary code.
A security vulnerability in Referrer-Policy can be exploited to obtain sensitive information.
A security bypass vulnerability in Content Security Policy violation report to obtain sensitive information.
A security UI vulnerability in web manifests for Android can be exploited to spoof user interface.
A time-of-check-time-of-use vulnerability in application directories on Android can be exploited to obtain sensitive information.
A cross-site-scripting (XSS) vulnerability in the DOMParser API can be exploited to perform cross-site scripting attack.

Affected products

Mozilla Firefox earlier than 86

Solution

Update to the latest version
Download Firefox

Original advisories

MFSA2021-07

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

XSS/CSS

[?]

SUI

[?]

Detect date ?	02/23/2021
Severity ?	High
Description	Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof user interface, perform cross-site scripting attack. Below is a complete list of vulnerabilities: A pointer operation vulnerability can be exploited to cause denial of service. A security bypass vulnerability can be exploited to bypass security restrictions. A HTTP Auth phishing vulnerability can be exploited to obtain sensitive information. OSI vulnerability in MediaError message property can be exploited to obtain sensitive information. A memory safety vulnerability can be exploited to execute arbitrary code. A security vulnerability in Referrer-Policy can be exploited to obtain sensitive information. A security bypass vulnerability in Content Security Policy violation report to obtain sensitive information. A security UI vulnerability in web manifests for Android can be exploited to spoof user interface. A time-of-check-time-of-use vulnerability in application directories on Android can be exploited to obtain sensitive information. A cross-site-scripting (XSS) vulnerability in the DOMParser API can be exploited to perform cross-site scripting attack.
Affected products	Mozilla Firefox earlier than 86
Solution	Update to the latest version Download Firefox
Original advisories	MFSA2021-07
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] XSS/CSS [?] SUI [?]
Related products	Mozilla Firefox
CVE-IDS ?	CVE-2021-239754.3Warning CVE-2021-239704.3Warning CVE-2021-239726.8High CVE-2021-239734.3Warning CVE-2021-239786.8High CVE-2021-239714.3Warning CVE-2021-239684.3Warning CVE-2021-239694.3Warning CVE-2021-239765.8High CVE-2021-239796.8High CVE-2021-239772.6Warning CVE-2021-239744.3Warning
	Find out the statistics of the vulnerabilities spreading in your region

KLA12090Multiple vulnerablities in Mozilla Firefox

KLA12090
Multiple vulnerablities in Mozilla Firefox