KLA12090
Multiple vulnerablities in Mozilla Firefox

Обновлено: 24/02/2021
Дата обнаружения
23/02/2021
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof user interface, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. A pointer operation vulnerability can be exploited to cause denial of service.
  2. A security bypass vulnerability can be exploited to bypass security restrictions.
  3. A HTTP Auth phishing vulnerability can be exploited to obtain sensitive information.
  4. OSI vulnerability in MediaError message property can be exploited to obtain sensitive information.
  5. A memory safety vulnerability can be exploited to execute arbitrary code.
  6. A security vulnerability in Referrer-Policy can be exploited to obtain sensitive information.
  7. A security bypass vulnerability in Content Security Policy violation report to obtain sensitive information.
  8. A security UI vulnerability in web manifests for Android can be exploited to spoof user interface.
  9. A time-of-check-time-of-use vulnerability in application directories on Android can be exploited to obtain sensitive information.
  10. A cross-site-scripting (XSS) vulnerability in the DOMParser API can be exploited to perform cross-site scripting attack.
Пораженные продукты

Mozilla Firefox earlier than 86

Решение

Update to the latest version
Download Firefox

Первичный источник обнаружения
MFSA2021-07
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

XSS/CSS 
[?]

SUI 
[?]
Связанные продукты
Mozilla Firefox
CVE-IDS
Узнай статистику распространения уязвимостей в твоем регионе