KLA10120
Multiple vulnerabilities in Mozilla
Обновлено: 17/06/2019
Дата обнаружения
18/03/2014
Уровень угрозы
Critical
Описание

Multiple critical vulnerabilities have been found in Mozilla products. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, bypass security restrictions or gain privileges. Below is a complete list of vulnerabilities

  1. Vectors related to the SVG filter can be exploited remotely via timing attacks;
  2. Multiple unknown vulnerabilities can be exploited remotely via unknown vectors;
  3. Vectors related to unknown applications can be exploited locally via update content manipulations;
  4. Vectors related to DecodeAudioData can be exploited remotely via a specially designed WAV file;
  5. Vectors related to MathML polygon rendering can be exploited remotely via unknown applications;
  6. A buffer overflow can be exploited remotely via a specially designed extension.
Пораженные продукты

Mozilla Firefox versions 27.0.1 and earlier
Waterfox Firefox versions 27.0.1 and earlier
Mozilla Firefox ESR versions 24.3 and earlier
Mozilla Thunderbird versions 24.3 and earlier
Mozilla Seamonkey versions 2.24 and earlier
CometBird all versions

Решение

Update to latest version
Thunderbird
Seamonkey
Firefox

Первичный источник обнаружения
MFSA
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]
Связанные продукты
Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Mozilla Firefox ESR
CVE-IDS
CVE-2014-15086.8High
CVE-2014-14976.8High
CVE-2014-14966.9High
CVE-2014-14949.3Critical
CVE-2014-15097.6Critical
CVE-2014-15056.8High
CVE-2014-14939.3Critical