Detection date
|
24/01/2017 |
Threat level
|
Critical |
Description
|
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, inject code, run arbitrary code, bypass security restrictions, or cause a denial of service. Below is a complete list of vulnerabilities.

Technical details

Vulnerability (5) can be caused by using insecure methods of creating a communication channel for copying and viewing JSON or HTTP header data. Vulnerability (12) can be caused by modifying the CSP headers with the appropriate permissions and using host requests to redirect script loads to a malicious site. By exploiting vulnerability (13), a remote attacker can save certificate content in unsafe locations with an arbitrary filename. Vulnerability (17) can be caused by a series of JavaScript events combined with fullscreen mode or scrolling out of the existing location bar on the new page. Vulnerability (18) can be caused by web content using pages that can load privileged about: pages in an iframe. Vulnerability (22) can be caused by sending large STUN packets in a short period of time, due to a lack of rate limiting on e10s systems. Vulnerabilities 10-22 affect only Mozilla Firefox.

NB: These vulnerabilities have no public CVSS rating, so the rating can change over time.

NB: At this moment Mozilla has only reserved CVE numbers for these vulnerabilities. The information can change soon. |
Affected products
|
Mozilla Firefox versions earlier than 51.0 |
Solution
|
Update to the latest version |
Primary source of detection
|
MFSA 2017-02, MFSA 2017-01 |
Impact
|
ACE, OSI, DoS, CI, SB, WLF, PE, SUI |
Related products
|
Mozilla Firefox, Mozilla Firefox ESR |
CVE-IDS
|
CVE-2017-5375: 7.5, Critical
CVE-2017-5376: 7.5, Critical
CVE-2017-5378: 5.0, Critical
CVE-2017-5380: 7.5, Critical
CVE-2017-5390: 7.5, Critical
CVE-2017-5396: 7.5, Critical
CVE-2017-5383: 5.0, Critical
CVE-2017-5373: 7.5, Critical
CVE-2017-5377: 7.5, Critical
CVE-2017-5379: 5.0, Critical
CVE-2017-5389: 5.8, High
CVE-2017-5381: 5.0, Critical
CVE-2017-5382: 5.0, Critical
CVE-2017-5384: 4.3, Warning
CVE-2017-5385: 5.0, Critical
CVE-2017-5386: 7.5, Critical
CVE-2017-5394: 6.8, High
CVE-2017-5391: 7.5, Critical
CVE-2017-5392: 7.5, Critical
CVE-2017-5393: 4.3, Warning
CVE-2017-5395: 4.3, Warning
CVE-2017-5387: 2.1, Warning
CVE-2017-5388: 5.0, Critical
CVE-2017-5374: 7.5, Critical |
Exploitation
|
Public exploits exist for this vulnerability. |