Patch released to fix Firefox arbitrary code execution vulnerability
Mozilla Firefox released an update to patch its open-source web browser after developer Johann Hofmann detected a critical HTML flaw that could allow hackers to exploit the browser remotely. The vulnerability only affected the desktop version of Firefox, and not iOS, Android and Amazon Fire TV versions.
The vulnerability was the result of “insufficient sanitization of HTML fragments in chrome-privileged documents by the affected software,” according to a detailed advisory released by Cisco on Tuesday.
To infiltrate the system, the hacker would use either misleading language or instructions to convince the user to click on a link or open a file that seems legitimate. After the user follows instructions, the attacker gets admin privileges and can remotely corrupt the vulnerable software.
The critical HTML hijack vulnerability exploited Firefox”s Chrome User Interface design elements (no relation to Google Chrome) such as “menu bars, progress bars, window title bars, toolbars, or UI elements created by add-ons,” explains BleepingComputer.
Firefox 58.0.1 is the first update to the new Firefox Quantum browser, just after a week the browser was officially launched. Firefox users are advised to immediately update their browser and not open any emails or click on links that appear suspicious or are sent by unknown contacts. If there any doubts regarding the source of a link, file or email, it”s safer not to click, download or open.
When asked about its plans for 2018, Mozilla wants to expand into the mobile ecosystem by launching an improvement similar to Quantum and heavily focus on Focus, the iOS and Android Firefox version.
“Mobile will be huge for Mozilla in 2018 and we will see how much of that we want to include in Firefox, Focus or even other apps,” Barbara Bermes, product manager for Firefox Mobile told Neowin in an interview. “As it relates in particular to Focus, we want to be the trusted browser providing the most privacy by design and by default. The idea is to include smart defaults that address privacy concerns while not sacrificing performance or convenience.”
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
November 29, 2022
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
Cyber Tips for a Spook-Free Halloween
October 26, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022