1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Firefox update fixes two nasty security vulnerabilities, so patch

    From TechnologyDaily@1337:1/100 to All on Mon Mar 7 17:00:04 2022
    Firefox update fixes two nasty security vulnerabilities, so patch now

    Date:
    Mon, 07 Mar 2022 16:38:51 +0000

    Description:
    Mozilla did not reveal exactly how the zero-days are being abused in Firefox.

    FULL STORY ======================================================================

    Mozilla has released four new updates in an attempt to patch two critical Firefox vulnerabilities that are allegedly being exploited in the wild.

    Firefox 97.0.2., Firefox ESR 91.6.1., Firefox for Android 97.3.0., and Focus 97.3.0, have been launched addressing two serious zero-day flaws.

    The zero-days in question are described as Use-after-free, bugs which, when abused, crash the browser while giving the attacker the ability to run any commands without permission. That means a threat actor could potentially
    abuse the flaw to run malware , ransomware , or any other malicious code on the target endpoint. TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window << Malicious redirects

    With these patches, Mozilla addressed CVE-2022-26485, and CVE-2022-26486, without going into detail on how exactly theyre being abused in the wild, aside from saying their use has been reported on.

    Whatever the case may be, users are advised to patch up immediately, to prevent falling victim. They can do that by going to Firefox menu > Help > About Firefox , where the browser will automatically look for new updates and install them.

    The updates are also available for download on these links: Read more

    Mozilla warns Firefox and Chrome 100 could pose a Y2K-esque threat



    Mozilla has shut down its most pointless Firefox browser


    Read our full Mozilla Firefox review

    Being the actual window to the internet, browsers are often in the crosshairs for hackers. Mozilla was forced to block access to two popular add-ons which had around a million users in late 2021 following reports they had been compromised.

    Bypass and Bypass XM, two add-ons that were allegedly using reverse-proxies
    to allow users to access paywalled content, were said to be misusing the
    proxy API, thus interfering with the browsers update functionality.

    As users were prevented from downloading updates for the browser, as well as from accessing updated blocklists, the add-ons placed them in harms way. Stay safe with the best antivirus software right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/firefox-update-fixes-two-nasty-security-vulnera bilities-so-patch-now/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)