Skip to main content

Update Your Firefox Browser to Fix a Critical Remotely Exploitable Flaw


Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser.

The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a Firefox 58, with some new features like improved graphics engine and performance optimizations and patches for more than 30 vulnerabilities.

According to a security advisory published by Cisco, Firefox 58.0.1 addresses an 'arbitrary code execution’ flaw that originates due to 'insufficient sanitization' of HTML fragments in chrome-privileged documents (browser UI).

Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim's computer just by tricking them into accessing a link or 'opening a file that submits malicious input to the affected software.'
"A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely," the advisory states.
This could allow an attacker to install programs, create new accounts with full user rights, and view, change or delete data.

However, if the application has been configured to have fewer user rights on the system, the exploitation of this vulnerability could have less impact on the user.

Affected web browser versions include Firefox 56 (.0, .0.1, .0.2), 57 (.0, .0.1, .0.2, .0.3, .0.4), and 58 (.0). The vulnerability has been addressed in Firefox 58.0.1, and you can download from the company's official website.

The issue, which was discovered by Mozilla developer Johann Hofmann, does not affect Firefox browser for Android and Firefox 52 ESR.

Users are recommended to apply the software updates before hackers exploit this issue, and avoid opening links provided in emails or messages if they appear from suspicious or unrecognized sources.

Administrators are also advised to use an unprivileged account when browsing the Internet and monitor critical systems.

YOU MAY ALSO LIKE :

Labels:
Location: United States

Comments

Post a Comment

Popular posts from this blog

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running...
Post a Comment
Read more

iOS 11.3 coming this spring with battery and performance settings, ARKit 1.5, new Animoji

In a sign that Apple will continue to update iOS regularly instead of withholding features for its next major point-zero release, Apple on Wednesday revealed new features coming to an iOS 11.3 update this spring, including the ability to toggle the power management feature for iPhone models with aging batteries. Apple will implement new battery health information and the ability to customize power settings after it was revealed that the company  throttles CPU performance on older devices  where the battery is deteriorating. Apple's throttling is done to prevent random shutdowns of the device and ensure smooth operation, but some customers took offense to the fact that the slowdowns were occurring without transparency to the user. In a press release issued on Wednesday, Apple said that the iOS 11.3 update this fall will show battery health, and recommend to users if their battery needs to be serviced. The capabilities will be available for iPhone 6 and later. Users will...
Post a Comment
Read more

Unlocked phones vs. locked phones: Why you should care

Should you get an unlocked phone? The US wireless market is more competitive than ever, which is great news for consumers who have lots of choices when it comes choosing a service provider. But one barrier still exists when trying to switch carriers: the locked smartphone. The end of wireless contracts marked a watershed trend for consumers because it finally opened the door for them to more easily shop around for alternative wireless carriers. But the software locks that carriers put on phones restricting its use on other networks still prevent many consumers from having total freedom when it comes to choosing a provider. Now Verizon, the only wireless carrier that sold its phones unlocked out of the box, is reversing course. The company  said earlier this week  it would begin locking the phones it sells to consumers for an undetermined period of time, which will prevent them from using a SIM card from another carrier. But Verizon promised it would eventually ...
Post a Comment
Read more