Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)

Mozilla warns about the active exploitation of a vulnerability impacting Firefox and the Firefox Extended Support Release (ESR). Tracked as CVE-2024-9680, the vulnerability has a critical severity rating with a CVSS score of 9.8. Damien Schaeffer from ESET discovered and reported the vulnerability to Mozilla. CVE-2024-9680 is a use after free vulnerability in the Animation … Continue reading “Mozilla Firefox and Firefox ESR Use-After-Free Zero-day Vulnerability (CVE-2024-9680)”

Mozilla Patches Zero-day Heap Buffer Overflow Vulnerability (CVE-2023-4863)

Mozilla has released a security patch to address a zero-day vulnerability. Tracked as CVE-2023-4863, the vulnerability is rated as critical. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code or crash the application on devices running vulnerable versions of Firefox, Firefox ESR, and Thunderbird. Earlier this week, Google addressed the CVE … Continue reading “Mozilla Patches Zero-day Heap Buffer Overflow Vulnerability (CVE-2023-4863)”

Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)

Mozilla has released a security patch to address two zero-day vulnerabilities (CVE-2022-1802 and CVE-2022-1529) exploited during the Pwn2Own Vancouver 2022 hacking contest. Successful exploitation of these vulnerabilities allows attackers to get JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird.    The ability to … Continue reading “Mozilla Releases Patches for Two Zero-day Vulnerabilities Affecting Firefox and Thunderbird (CVE-2022-1802, CVE-2022-1529)”

Mozilla Firefox Releases Updates to Address Two Zero-day Vulnerabilities (CVE-2022-26485 & CVE-2022-26486)

Firefox is a free and open-source web browser for Windows, OS X, and Linux, as well as an Android mobile version.   Mozilla has released out-of-band software upgrades for its Firefox web browser to address two high-impact security flaws. According to the advisory, both vulnerabilities were actively exploited in the wild.    Mozilla has patched … Continue reading “Mozilla Firefox Releases Updates to Address Two Zero-day Vulnerabilities (CVE-2022-26485 & CVE-2022-26486)”

Mozilla Firefox Critical use-after-free Vulnerabilities(CVE-2020-6819, CVE-2020-6820)

Summary: In the first week of April, amidst of global lockdown environment, Mozilla Foundation had to publish advisory 2020-11 for Mozilla Firefox and Mozilla Firefox Extended Support Release (ESR). Firefox gets fixes for two zero-days exploited in the wild. The frequency of exploiting browsers, particularly mozilla has been trending since the start of this year. … Continue reading “Mozilla Firefox Critical use-after-free Vulnerabilities(CVE-2020-6819, CVE-2020-6820)”

Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]

A flaw in Out-of-Order execution mechanism allows user level programs to leak addresses of kernel and process memory space. This vulnerability can be exploited to bypass KASLR as well as CPU security features like SMAP,SMEP,NX and PXN. It can be exploited to bypass OS process isolation. The issue affects processors from Intel, AMD ,ARM, Samsung and … Continue reading “Out-of-Order Execution Side-Channel attack [Spectre/Meltdown]”

WebEx Arbitrary Remote Code Execution via GPC Sanitization bypass

Introduction: Cisco WebEx has millions of users who use it regularly for online meeting, web conferencing and videoconferencing. Recently a remote code execution vulnerability was discovered by Google Project Zero team, with ID – CVE-2017-6753. Similar to CVE-2017-3823, the vulnerability is described as “a design defect in the extension”. The vulnerability allows an attacker to … Continue reading “WebEx Arbitrary Remote Code Execution via GPC Sanitization bypass”