An Interest In:
Web News this Week
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
Some of Our Sources
- Engadget
- TutsPlus - Code
- Smashing Magazine
- TutsPlus - Design
- You The Designer
- Spyre Studios
- Web Resource Source
- Android Dissected
- Hashedout
- The Verge
Help Webnuz
Referal links:
Update Firefox products now to fix critical vulnerabilities
During the Pwn2Own Vancouver 2022 hacking event, Manfred Paul demonstrated an attack on the Firefox browser that involves two types of vulnerabilities: prototype pollution (CVE-2022-1802), and improper input validation (CVE-2022-1529). The attack took about 8 seconds to perform, resulting in a sandbox escape and eventually controlling the victim's operating system. In practice, users can be affected right after visiting a malicious website on a vulnerable system.
Two days after the demonstration, Mozilla released Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, and Thunderbird 91.9.1 to patch the vulnerabilities. Other Firefox-based browsers such as Tor are also affected by the vulnerabilities. Users and system administrators are recommended to upgrade the affected products to the latest version as soon as possible.
The attack is shown below (starts at 3:23).
Pwn2Own Vancouver 2022 - Manfred Paul vs Mozilla Firefox - YouTube
The third streaming attempt of Pwn2Own Vancouver 2022 will see Manfred Paul (@_manfp) targeting Mozilla Firefox (including sandbox escape) in the Web Browser...
youtube.com Interested in programming? My other articles might be helpful to you!
Original Link: https://dev.to/hunghvu/update-firefox-products-now-to-fix-critical-vulnerabilities-44c5
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To