We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

What about vulnerability KLA10852?

more options

Kaspersky brought up this vulnerability in Firefox, and it contains 22 vulnerabilities! Are we fixing them?

   An improper network connection handling can be exploited remotely via traffic overview to obtain sensitive information;
   Multiple unknown vulnerabilities at the browser engine can be exploited remotely to cause denial of service or possibly execute arbitrary code;
   Buffer overflow vulnerability at ClearKey Content Decryption Module can be exploited remotely via a specially designed video to execute arbitrary code;
   Buffer overflow can be exploited remotely via a specially designed SVG document to execute arbitrary code;
   An improper cairo calls can be exploited remotely via a specially designed video to cause denial of service;
   Lack of restrictions can be exploited remotely via a specially designed API calls to obtain sensitive information;
   An unknown vulnerability can be exploited remotely via a specially designed URL to spoof user interface;
   Buffer overflow can be exploited remotely via a specially designed graphics to execute arbitrary code;
   An unknown vulnerability at Updater can be exploited locally via vectors related to callback application-path parameter and a hard link to write arbitrary files;
   Use-after-free vulnerability can be exploited via vectors related to keyboard yo cause denial of service or execute arbitrary code;
   Use-after-free vulnerability can be exploited via a specially designed JavaScript to execute arbitrary code;
   Use-after-free at WebRTC can be exploited remotely to execute arbitrary code;
   Use-after-free vulnerability can be exploited remotely via a specially designed script to execute arbitrary code;
   An improper input types handling at Sessions Manager can be exploited via session restoration file reading to obtain sensitive information;
   Integer overflow at WebSocket can be exploited remotely via a specially designed packets to cause denial of service or execute arbitrary code;
   Lack of restrictions can be exploited via a specially designed web-site to conduct cross-site scripting;
   An improper rendering display transformation handling can be exploited remotely via a specially designed web site to execute arbitrary code;
   Use-after-free vulnerability can be exploited remotely via a specially designed SVG element to cause denial of service or execute arbitrary code;
   An unknown vulnerability can be exploited user-assisted remote attackers via a files manipulation to bypass security restrictions, conduct universal cross-site scripting attack or read arbitrary files;
   Lack of drag-n-drop restrictions can be exploited via a specially designed web site to access local files;
   An unknown vulnerability can be exploited remotely via a special characters to spoof user interface;
   An improper flags handling can be exploited via a specially designed URL to spoof user interface.
Kaspersky brought up this vulnerability in Firefox, and it contains 22 vulnerabilities! Are we fixing them? An improper network connection handling can be exploited remotely via traffic overview to obtain sensitive information; Multiple unknown vulnerabilities at the browser engine can be exploited remotely to cause denial of service or possibly execute arbitrary code; Buffer overflow vulnerability at ClearKey Content Decryption Module can be exploited remotely via a specially designed video to execute arbitrary code; Buffer overflow can be exploited remotely via a specially designed SVG document to execute arbitrary code; An improper cairo calls can be exploited remotely via a specially designed video to cause denial of service; Lack of restrictions can be exploited remotely via a specially designed API calls to obtain sensitive information; An unknown vulnerability can be exploited remotely via a specially designed URL to spoof user interface; Buffer overflow can be exploited remotely via a specially designed graphics to execute arbitrary code; An unknown vulnerability at Updater can be exploited locally via vectors related to callback application-path parameter and a hard link to write arbitrary files; Use-after-free vulnerability can be exploited via vectors related to keyboard yo cause denial of service or execute arbitrary code; Use-after-free vulnerability can be exploited via a specially designed JavaScript to execute arbitrary code; Use-after-free at WebRTC can be exploited remotely to execute arbitrary code; Use-after-free vulnerability can be exploited remotely via a specially designed script to execute arbitrary code; An improper input types handling at Sessions Manager can be exploited via session restoration file reading to obtain sensitive information; Integer overflow at WebSocket can be exploited remotely via a specially designed packets to cause denial of service or execute arbitrary code; Lack of restrictions can be exploited via a specially designed web-site to conduct cross-site scripting; An improper rendering display transformation handling can be exploited remotely via a specially designed web site to execute arbitrary code; Use-after-free vulnerability can be exploited remotely via a specially designed SVG element to cause denial of service or execute arbitrary code; An unknown vulnerability can be exploited user-assisted remote attackers via a files manipulation to bypass security restrictions, conduct universal cross-site scripting attack or read arbitrary files; Lack of drag-n-drop restrictions can be exploited via a specially designed web site to access local files; An unknown vulnerability can be exploited remotely via a special characters to spoof user interface; An improper flags handling can be exploited via a specially designed URL to spoof user interface.

被選擇的解決方法

from https://threats.kaspersky.com/en/vulnerability/KLA10852/

Affected products Firefox versions earlier than 48.0 Firefox ESR versions earlier than 45.3.0

You appear to have the older Firefox 47.0 or 47.0.1

https://www.mozilla.org/firefox/releases/ https://www.mozilla.org/security/known-vulnerabilities/firefox/

從原來的回覆中察看解決方案 👍 0

所有回覆 (2)

more options

選擇的解決方法

from https://threats.kaspersky.com/en/vulnerability/KLA10852/

Affected products Firefox versions earlier than 48.0 Firefox ESR versions earlier than 45.3.0

You appear to have the older Firefox 47.0 or 47.0.1

https://www.mozilla.org/firefox/releases/ https://www.mozilla.org/security/known-vulnerabilities/firefox/

more options

You can try the internal updater: Update Firefox to the latest release.