漏洞类别:Local
漏洞等级: 
漏洞信息
Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain files on the target system. A remote user can spoof URLs. A remote user can conduct cross-site scripting attacks.
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Affected Version :
Firefox prior to 53.0
Firefox ESR prior to 52.1
Firefox ESR prior to 45.9
漏洞危害
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain files on the target system.
A remote user can spoof a URL.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
解决方案
The vendor has issued a fix (53.0). Refer to MFSA 2017-10 to MFSA 2017-12
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论