Tag: Firefox
Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)
Mozilla warns about the active exploitation of a vulnerability impacting Firefox and the Firefox Extended Support Release (ESR). Tracked as CVE-2024-9680, the vulnerability has a critical severity rating with a CVSS score of 9.8. Damien Schaeffer from ESET discovered and reported the vulnerability to Mozilla. CVE-2024-9680 is a use-after-free vulnerability in the Animation …
Mozilla Patches Zero-day Heap Buffer Overflow Vulnerability (CVE-2023-4863)
Mozilla has released a security patch to address a zero-day vulnerability. Tracked as CVE-2023-4863, the vulnerability is rated as critical. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code or crash the application on devices running vulnerable versions of Firefox, Firefox ESR, and Thunderbird. Earlier this week, Google addressed the CVE …
Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)
Mozilla has released a security patch to address two zero-day vulnerabilities (CVE-2022-1802 and CVE-2022-1529) exploited during the Pwn2Own Vancouver 2022 hacking contest. Successful exploitation of these vulnerabilities allows attackers to get JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird. The ability to …
Mozilla Firefox Releases Updates to Address Two Zero-day Vulnerabilities (CVE-2022-26485 & CVE-2022-26486)
Firefox is a free and open-source web browser for Windows, OS X, and Linux, as well as an Android mobile version. Mozilla has released out-of-band software upgrades for its Firefox web browser to address two high-impact security flaws. According to the advisory, both vulnerabilities were actively exploited in the wild. Mozilla has patched …
Mozilla Firefox Critical Use-After-Free Vulnerabilities (CVE-2020-6819, CVE-2020-6820)
Summary: In the first week of April, amid the global lockdown, the Mozilla Foundation had to publish advisory 2020-11 for Mozilla Firefox and Mozilla Firefox Extended Support Release (ESR). Firefox gets fixes for two zero-days exploited in the wild. The frequency of browser exploitation, particularly of Mozilla's, has been trending since the start of this year. …
Mozilla Firefox And Firefox ESR Type Confusion Vulnerability
Summary: Mozilla Firefox and Firefox Extended Support Release (ESR) suffer from a type confusion vulnerability which could allow for arbitrary code execution. Depending on the privileges of the user, an attacker could install, view, change, or delete data, or create new accounts with full user rights. This issue was assigned CVE-2019-17026. Description: Recently a Type …
WebEx Arbitrary Remote Code Execution via GPC Sanitization bypass
Introduction: Cisco WebEx has millions of users who use it regularly for online meetings, web conferencing and videoconferencing. Recently a remote code execution vulnerability, CVE-2017-6753, was discovered by the Google Project Zero team. Similar to CVE-2017-3823, the vulnerability is described as “a design defect in the extension”. The vulnerability allows an attacker to …
Firefox SVG Animation Remote Code Execution CVE-2016-9079
Introduction: A zero-day exploit against Tor Browser and Firefox has been observed in the wild. The exploit is initiated when a target accesses a compromised web page or a web page hosted by an attacker. The vulnerability has been assigned CVE-2016-9079 and Bugzilla ID 1321066. The exploit targets a use-after-free vulnerability …
Shell Code Analysis for The Active Firefox Tor Attack
On November 29, exploit code targeting Tor Browser was published. It is reported that Firefox and Tor Browser are under active attack for this vulnerability. This blog explains what the attackers are trying to do on their victim’s machine (shell code) and the techniques used under the hood. Get The Shell Code Ready: Shell code is …