An Interest In:
Web News this Week
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
Update Firefox products now to fix critical vulnerabilities
During the Pwn2Own Vancouver 2022 hacking event, Manfred Paul demonstrated an attack on the Firefox browser that involves two types of vulnerabilities: prototype pollution (CVE-2022-1802), and improper input validation (CVE-2022-1529). The attack took about 8 seconds to perform, resulting in a sandbox escape and eventually controlling the victim's operating system. In practice, users can be affected right after visiting a malicious website on a vulnerable system.
Two days after the demonstration, Mozilla released Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, and Thunderbird 91.9.1 to patch the vulnerabilities. Other Firefox-based browsers such as Tor are also affected by the vulnerabilities. Users and system administrators are recommended to upgrade the affected products to the latest version as soon as possible.
The attack is shown below (starts at 3:23).
Interested in programming? My other articles might be helpful to you!
Original Link: https://dev.to/hunghvu/update-firefox-products-now-to-fix-critical-vulnerabilities-44c5
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To