• Mozilla warns of critical Firefox security flaw, so patch immedia

    From TechnologyDaily@1337:1/100 to All on Thu Oct 10 16:30:05 2024
    Mozilla warns of critical Firefox security flaw, so patch immediately

    Date:
    Thu, 10 Oct 2024 15:28:00 +0000

    Description:
    Flaw in Mozilla Firefox is being exploited in the wild, browser maker reports.

    FULL STORY ======================================================================

    Mozilla has just patched a major vulnerability in its Firefox browser that
    was apparently being abused in the wild.

    In a short security advisory, the company said it discovered a use-after-free vulnerability in Animation timelines.

    This bug, tracked as CVE-2024-9680, does not yet have a severity rating, but is being abused to achieve remote code execution (RCE), which means crooks
    can use it to deploy malware on vulnerable devices, and possibly even take them over entirely.

    Drive-by, XSS, and more

    "We have had reports of this vulnerability being exploited in the wild," Mozilla said in the advisory, adding that both Firefox and Firefox Extended
    Support Release (ESR) are vulnerable, so users are advised to patch to these versions immediately:

    Firefox 131.0.2
    Firefox ESR 128.3.1, and
    Firefox ESR 115.16.1.
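
Added example (not from the article or from Mozilla): a Python triage helper that compares `firefox --version` strings against the fixed versions listed above. The host names and sample strings are constructed, and both the `esr` marker in version output and the handling of ESR branches the article does not list are assumptions.

```python
import re

# Fixed versions for CVE-2024-9680 as listed in the article.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {115: (115, 16, 1), 128: (128, 3, 1)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    # Assumption: ESR builds carry "esr" in the string, e.g. "128.3.0esr".
    # A string without it is judged against the release fix, which errs
    # on the side of flagging the host.
    return version, "esr" in text.lower()


def classify(version_output):
    """Return 'ok', 'update-required' or 'unknown' for one version string."""
    parsed = parse_version(version_output)
    if parsed is None:
        return "unknown"
    version, is_esr = parsed
    if not is_esr:
        return "ok" if version >= FIXED_RELEASE else "update-required"
    fixed = FIXED_ESR.get(version[0])
    if fixed is None:
        # Assumption: ESR branches newer than those listed include the fix;
        # older branches have no listed fix and must move to a listed one.
        return "ok" if version[0] > max(FIXED_ESR) else "update-required"
    return "ok" if version >= fixed else "update-required"


def hosts_needing_attention(inventory):
    """Hosts that are below the fixed version or could not be assessed."""
    return sorted(h for h, v in inventory.items() if classify(v) != "ok")


# Constructed sample inventory: host name -> collected version string.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 131.0.2",
    "ws-02": "Mozilla Firefox 130.0.1",
    "kiosk-01": "Mozilla Firefox 128.3.0esr",
    "kiosk-02": "Mozilla Firefox 115.16.1esr",
    "lab-01": "",
}

if __name__ == "__main__":
    for host in hosts_needing_attention(SAMPLE_INVENTORY):
        print(host, classify(SAMPLE_INVENTORY[host]))
```
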

    There are currently no reports on who is exploiting this bug, or how, but looking at similar recent issues, there are several ways the vulnerability could be abused, including a watering hole attack targeting specific
    websites, or a drive-by download campaign that tricks people into visiting
    the wrong website.

    Browsers are an indispensable part of every computer these days, and as such, they are basically omnipresent. This makes them an extremely popular target for cybercriminals looking for a way onto a network and into a device. Firefox, with more than 250 million monthly active users, is one of the most popular products in its category, having been downloaded more than 2 billion times globally.

    By hosting vulnerable code, the browser allows threat actors to conduct,
    among other things, drive-by download attacks. Hackers can inject malicious code into websites or ads they previously compromised. When a user visits
    such a site, they download malware without even realizing.

    Other types of attacks made possible via compromised browsers include cross-site scripting (XSS), buffer overflows, and man-in-the-middle attacks.

    Via The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/mozilla-warns-of-critical-firefox-security-flaw-so-patch-immediately


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)