Дата обнаружения
|
27/08/2015 |
Уровень угрозы
|
Critical |
Описание
|
Multiple serious vulnerabilities have been found in Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or execute arbitrary code. Below is a complete list of vulnerabilities
Technical details (1) can be exploited via a specially designed <canvas> element. Occurs when resize event coacts with style changes which causes recreation of original canvas reference. Normally when user enters the URL to an add-on directly warnings are bypassed because it’s result of direct user action. data: URL could be manipulated to simulate direct user input to exploit (2). Also URL can be spoofed to manipulate user into falsely believing that installation was initiated by trusted site. |
Пораженные продукты
|
Mozilla Firefox versions earlier than 40.0.3 |
Решение
|
Update to the latest version |
Первичный источник обнаружения
|
MFSA-2015-94 MFSA-2015-95 |
Оказываемое влияние
?
|
ACE
[?]
DoS
[?]
SB
[?]
|
Связанные продукты
|
Mozilla Firefox Mozilla Firefox ESR |
CVE-IDS
|
|
Узнай статистику распространения уязвимостей в твоем регионе |