Дата обнаружения
|
19/04/2017 |
Уровень угрозы
|
Critical |
Описание
|
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass security restrictions, gain privileges and read/write local files. Below is a complete list of vulnerabilities:
Technical details Vulnerability (23) can affect displayed text so that the loaded site will look different from the one which is to be loaded within the adressbar. Vulnerability (29) occurs because unitialized values are used to create an array. Vulnerability (31) occurs because in the NSS library the internal state V does not correctly carry bits over. Vulnerabilities 1-24 are related for Mozilla Firefox ESR before 45.9 Vulnerabilities 1-31 are related for Mozilla Firefox ESR before 52.1 All vulnerabilities are related for Mozilla Firefox. NB: This vulnerability have no public CVSS rating so rating can be changed by the time. NB: At this moment Mozilla just reserved CVE numbers for this vulnerabilities. Information can be changed soon. |
Пораженные продукты
|
Mozilla Firefox versions earlier than 53 |
Решение
|
Update to the latest version |
Первичный источник обнаружения
|
MFSA-2017-10 MFSA-2017-11 MFSA-2017-12 |
Оказываемое влияние
?
|
ACE
[?]
OSI
[?]
DoS
[?]
SB
[?]
WLF
[?]
PE
[?]
RLF
[?]
XSS/CSS
[?]
SUI
[?]
|
Связанные продукты
|
Mozilla Firefox Mozilla Firefox ESR |
CVE-IDS
|
CVE-2016-101975.0Critical
CVE-2017-54617.5Critical CVE-2016-63547.5Critical CVE-2017-54337.5Critical CVE-2017-54357.5Critical CVE-2017-54366.8High CVE-2017-54597.5Critical CVE-2017-54664.3Warning CVE-2017-54347.5Critical CVE-2017-54327.5Critical CVE-2017-54607.5Critical CVE-2017-54387.5Critical CVE-2017-54397.5Critical CVE-2017-54407.5Critical CVE-2017-54417.5Critical CVE-2017-54427.5Critical CVE-2017-54647.5Critical CVE-2017-54437.5Critical CVE-2017-54445.0Critical CVE-2017-54467.5Critical CVE-2017-54476.4High CVE-2017-54656.4High CVE-2017-54545.0Critical CVE-2017-54697.5Critical CVE-2017-54455.0Critical CVE-2017-54495.0Critical CVE-2017-54514.3Warning CVE-2017-54625.0Critical CVE-2017-54675.0Critical CVE-2017-54307.5Critical CVE-2017-54297.5Critical CVE-2016-101957.5Critical CVE-2016-101965.0Critical CVE-2017-54487.5Critical CVE-2017-54555.0Critical CVE-2017-54567.5Critical CVE-2017-54505.0Critical CVE-2017-54635.0Critical CVE-2017-54524.3Warning CVE-2017-54534.3Warning CVE-2017-54584.3Warning CVE-2017-54686.4High |
Эксплуатация
|
Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details. |
Узнай статистику распространения уязвимостей в твоем регионе |