Mozilla updates Firefox; issues patch for 'critical' vulnerability

Austin


Ashley Carman, Editorial Assistant
August 07, 2015



Mozilla updated its Firefox browser to version 39.0.3 earlier this week and patched seven bugs in the process.

Mozilla updated its Firefox browser to version 39.0.3, and along with its update come fixes for multiple vulnerabilities, including one “critical” bug and three flaws rated “high severity.”

The critical vulnerability, spotted in the wild earlier this week, comes from the “interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox's PDF Viewer,” the company wrote in a blog post. Although possible attackers couldn't exploit the vulnerability to execute arbitrary code, the criminals would be able to inject a JavaScript payload into the local file context. This could allow an attacker to search for and upload local files.

While only Windows and Linux users were impacted, Mac users could be vulnerable if a person creates a new payload.

In addition to updating their browser, Mozilla suggests users update passwords and keys associated with affected files.

Included among the high severity vulnerabilities was one bug in USB Mass Storage handling of Firefox OS that could have allowed unauthorized access to device data through the USB interface. The two other high severity vulnerabilities involved remote HTML tag injection in Gaia's system app. Gaia is the user interface level of Firefox OS, and everything that appears onscreen after the browser's OS loads is drawn by Gaia.

One of the flaws could have allowed unauthorized access to device data through the USB interface and could expose USB media volumes to USB hosts while a device is locked with a passcode. The other Gaia-related bug could allow attackers to inject HTML code into the system app's context through specially crafted search links.

The update also pegged three other vulnerabilities, one of “moderate” severity and the other two of “low” severity.

Mozilla defines critical vulnerabilities as any that can “be used to run attacker code and install software, requiring no user interaction beyond normal browsing.” On the opposite end of the spectrum, low severity bugs are defined as any “minor security vulnerabilities such as denial-of-service attacks, minor data leaks or spoofs.”



 