Kaspersky Threats

KLA11545
Multiple vulnerabilities in Mozilla Firefox ESR

Обновлено: 25/09/2019

Дата обнаружения	03/09/2019
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, perform cross-site scripting attack, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: A vulnerability can be exploited remotely to execute arbitrary code; Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code; A vulnerability can be exploited remotely to perform cross-site scripting attacks; A sandbox escape vulnerability can be exploited to bypass security restrictions; A type confusion vulnerability can be exploited to cause denial of service; A same-origin policy violation vulnerability can be exploited to bypass security restrictions; Multiple race condition vulnerabilities in Mozilla Maintenance Service can be exploited to gain privileges; A vulnerability in WebRTC can be exploited to bypass security restrictions; Multiple use-after-free vulnerabilities can be exploited remotely to cause denial of service; A cross-origin access vulnerability can be exploited to bypass security restrictions;
Пораженные продукты	Mozilla Firefox earlier than 60.9 Mozilla Firefox earlier than 68.1
Решение	Update to the latest version Download Mozilla Firefox ESR
Первичный источник обнаружения	mfsa2019-27 mfsa2019-26
Оказываемое влияние ?	ACE [?] DoS [?] SB [?] PE [?] XSS/CSS [?]
Связанные продукты	Mozilla Firefox ESR
CVE-IDS	CVE-2019-117510.0Unknown CVE-2019-117520.0Unknown CVE-2019-117350.0Unknown CVE-2019-117460.0Unknown CVE-2019-98120.0Unknown CVE-2019-117500.0Unknown CVE-2019-117420.0Unknown CVE-2019-117380.0Unknown CVE-2019-117490.0Unknown CVE-2019-117530.0Unknown CVE-2019-117360.0Unknown CVE-2019-117480.0Unknown CVE-2019-117400.0Unknown CVE-2019-117470.0Unknown CVE-2019-117440.0Unknown CVE-2019-117430.0Unknown