For HomeFor BusinessFor Partners
Threats
1 min read

Patch released to fix Firefox arbitrary code execution vulnerability

Luana PASCU

February 02, 2018

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Patch released to fix Firefox arbitrary code execution vulnerability

Mozilla Firefox released an update to patch its open-source web browser after developer Johann Hofmann detected a critical HTML flaw that could allow hackers to exploit the browser remotely. The vulnerability only affected the desktop version of Firefox, and not iOS, Android and Amazon Fire TV versions.

The vulnerability was the result of “insufficient sanitization of HTML fragments in chrome-privileged documents by the affected software,” according to a detailed advisory released by Cisco on Tuesday.

To infiltrate the system, the hacker would use either misleading language or instructions to convince the user to click on a link or open a file that seems legitimate. After the user follows instructions, the attacker gets admin privileges and can remotely corrupt the vulnerable software.

The critical HTML hijack vulnerability exploited Firefox”s Chrome User Interface design elements (no relation to Google Chrome) such as “menu bars, progress bars, window title bars, toolbars, or UI elements created by add-ons,” explains BleepingComputer.

Firefox 58.0.1 is the first update to the new Firefox Quantum browser, just after a week the browser was officially launched. Firefox users are advised to immediately update their browser and not open any emails or click on links that appear suspicious or are sent by unknown contacts. If there any doubts regarding the source of a link, file or email, it”s safer not to click, download or open.

When asked about its plans for 2018, Mozilla wants to expand into the mobile ecosystem by launching an improvement similar to Quantum and heavily focus on Focus, the iOS and Android Firefox version.

“Mobile will be huge for Mozilla in 2018 and we will see how much of that we want to include in Firefox, Focus or even other apps,” Barbara Bermes, product manager for Firefox Mobile told Neowin in an interview. “As it relates in particular to Focus, we want to be the trusted browser providing the most privacy by design and by default. The idea is to include smart defaults that address privacy concerns while not sacrificing performance or convenience.”

tags

Threats

Author

Luana PASCU

Luana PASCU

After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats.

View all posts

Right now Top posts

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide
Scam Spam

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide

April 19, 2024

5 min read
Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond
Scam How to Tips and Tricks

Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond

April 01, 2024

2 min read
Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts
Spam Industry News Threats

Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts

November 28, 2023

4 min read
Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting
Protecting Your Important How to Tips and Tricks

Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting

November 08, 2023

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Boeing refused to pay $200 million ransomware demand from LockBit gang
Industry News

Boeing refused to pay $200 million ransomware demand from LockBit gang
Graham CLULEY

May 10, 2024

2 min read
What Experts and Journalists Say About Bitdefender
Industry News

What Experts and Journalists Say About Bitdefender
Cristina POPOV

May 10, 2024

3 min read
Poloniex Hackers Have Begun to Move Some of the Stolen $120 Million
Industry News

Poloniex Hackers Have Begun to Move Some of the Stolen $120 Million
Silviu STAHIE

May 09, 2024

1 min read

Bookmarks

loader