Mozilla plugs critical and easily exploitable flaw in Firefox

Haythem Elmir

Firefox users would do well to upgrade to the browser’s latest release if they want to keep their computers safe from compromise.

Released on Monday, Firefox 58.0.1 contains a single but very important security fix, which plugs a vulnerability arising from insufficient sanitization of HTML fragments in chrome-privileged documents. (In this context, chrome is not the popular Google browser, but a component of Firefox.)

The vulnerability (CVE-2018-5124) is considered critical because a successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. And if the user has elevated privileges, the attacker could compromise the system completely.

Another reason for such a classification is that exploitation can be triggered with just a bit of clever social engineering.

“An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software,” Cisco explained in an advisory.

“To exploit this vulnerability, the attacker may use misleading language or instructions to persuade a targeted user to open a crafted file.”

The flaw was found in Firefox versions 56 through 58 by Mozilla developer Johann Hofmann. Firefox for Android and Firefox 52 ESR are not affected.

Users and administrators are advised to apply the software update as soon as possible and, in general, to avoid following links or opening attachments contained in unsolicited (email) messages that come from unrecognized sources.

To read the original article:

https://www.helpnetsecurity.com/2018/01/31/cve-2018-5124/

 
