Security Vulnerability Alert: Update your Firefox Browser Now
Mozilla Firefox vulnerability could allow hackers to remotely tamper with users’ computers
Mozilla’s Firefox Quantum browser has been generally well received since its release, but there have been some hiccups, the most recent of which was reported by Cisco this week. On Tuesday the company disclosed a Firefox vulnerability that could allow a remote attacker to execute “arbitrary code” on a targeted system.
The vulnerability is due to insufficient sanitization of HTML fragments in chrome-privileged documents by the affected software. An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely.
Mozilla has already confirmed the vulnerability and has released a software update to fix it.
How does the Firefox Vulnerability Work?
To exploit this particular vulnerability, an attacker would first have to trick a Firefox user into downloading a pre-crafted file that submits malicious code, which is then executed with the user's permissions. Depending on what those permissions are and what the code does, any number of things could occur, including complete compromise of the system.
This vulnerability affects anyone running a desktop version of Firefox. It doesn’t impact Firefox for mobile (iOS & Android) or Amazon Fire TV.
While Firefox doesn’t enjoy the same market share as Google’s Chrome browser, it still enjoyed over 170 million downloads in Quantum’s first month, so a significant number of users could be at risk. And while Mozilla says that there is no evidence that this vulnerability was ever exploited in the wild, now that it’s been announced you can be sure the miscreants that prey on these types of bugs are already figuring out ways to trick users who haven’t updated yet.
So don’t get caught with your pants down. Update Firefox now.