Documente Academic
Documente Profesional
Documente Cultură
THREATS
Vulnerabilities
Threats
Russian
English
KLA11004
MULTIPLE VULNERABILITIES
IN MOZILLA FIREFOX AND
MOZILLA FIREFOX ESR
Updated: 05/11/2017
CVSS
? 0.0
Detect date
? 04/18/2017
Severity
? Warning
Description Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla
Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of
service, spoof user interface, obtain sensitive information, execute arbitrary code,
perform cross-site scripting attacks, bypass security restrictions, gain privileges
and read/write localfiles.
Technical details
Vulnerability (23) can affect displayed text so that the loaded site will look
different from the one which is to be loaded within the adressbar.
Vulnerability (29) occurs because unitialized values are used to create an array.
Vulnerability (31) occurs because in the NSS library the internal state V does not
correctly carry bits over.
Vulnerabilities 1-24 are related for Mozilla Firefox ESR before 45.9
Vulnerabilities 1-31 are related for Mozilla Firefox ESR before 52.1
NB: This vulnerability have no public CVSS rating so rating can be changed by
the time.
NB: At this moment Mozilla just reserved CVE numbers for this vulnerabilities.
Information can be changed soon.
Original MFSA-2017-10
advisories MFSA-2017-11
MFSA-2017-12
Impacts
? WLF [?]
RLF [?]
SUI [?]
ACE[?]
OSI [?]
XSSCSS [?]
SB[?]
PE [?]
DoS [?]