
Mozilla plugs critical and easily exploitable flaw in Firefox Browser (not Chrome)

CyberWisdom Safe Harbor Commentary on Mozilla flaw in Firefox

Today I came across this story from helpnetsecurity.com that reveals

If Firefox users want to keep their computers safe, it’s best to upgrade to the latest version of their browser.

Fix to CVE-2018-5124 Flaw in Firefox

Firefox 58.0.1, released on Monday, contains a very important security fix for a vulnerability caused by insufficient sanitization of HTML fragments in chrome-privileged documents. The vulnerability (CVE-2018-5124) is considered critical because a successful exploit may allow an attacker to execute arbitrary code with the user’s privileges. And, if the user has elevated privileges, the attacker can completely compromise the system.

Another reason for this classification is that exploitation can be triggered with some clever social engineering.

“An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software,” Cisco explained in an advisory.

“To exploit this vulnerability, attackers may use misleading language or instructions to convince the target user to open the file.”

Mozilla developer Johann Hofmann found this vulnerability in Firefox versions 56-58. Firefox for Android and Firefox 52 ESR are not affected.

Users and administrators are advised to apply the software update as soon as possible and, as a general rule, to avoid following links or opening attachments included in unsolicited (email) messages from unidentified sources.
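For administrators deciding which machines need the update, the version ranges above can be checked mechanically. The following Python is an added example, not part of the original article or any vendor advisory; the host names and inventory lines are constructed, and it assumes version strings in the form printed by `firefox --version`.

```python
import re

FIXED = (58, 0, 1)               # first fixed release named in the article
AFFECTED_MAJORS = range(56, 59)  # article: Firefox versions 56-58 are affected

# Matches e.g. "Mozilla Firefox 58.0", "Mozilla Firefox 52.6.0esr", "Mozilla Firefox 59.0b3"
_VERSION = re.compile(r"Firefox\s+(\d+)\.(\d+)(?:\.(\d+))?(esr|[ab]\d+)?", re.IGNORECASE)

def classify(version_string):
    """Classify one version line with respect to CVE-2018-5124."""
    m = _VERSION.search(version_string)
    if not m:
        return "unparsed"            # missing binary, garbage, other product
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    suffix = (m.group(4) or "").lower()
    if suffix and suffix != "esr":
        return "check-manually"      # alpha/beta builds: the article gives no status
    if suffix == "esr" and major == 52:
        return "not-affected"        # article: Firefox 52 ESR is not affected
    if (major, minor, patch) >= FIXED:
        return "fixed"
    if major in AFFECTED_MAJORS:
        return "affected"            # 56.x, 57.x and 58.0
    return "not-listed"              # older than 56: not named as affected, still outdated

def triage(inventory):
    """Return (verdict per host, sorted list of hosts that need 58.0.1 or later)."""
    verdicts = {host: classify(line) for host, line in inventory}
    return verdicts, sorted(h for h, v in verdicts.items() if v == "affected")

# Constructed sample inventory: (host, output of `firefox --version`)
SAMPLE = [
    ("ws-01", "Mozilla Firefox 58.0"),
    ("ws-02", "Mozilla Firefox 58.0.1"),
    ("ws-03", "Mozilla Firefox 57.0.4"),
    ("ws-04", "Mozilla Firefox 52.6.0esr"),
    ("ws-05", "Mozilla Firefox 55.0.3"),
    ("ws-06", "firefox: command not found"),
]

if __name__ == "__main__":
    verdicts, to_patch = triage(SAMPLE)
    for host, verdict in verdicts.items():
        print(f"{host}: {verdict}")
    print("needs update:", ", ".join(to_patch))
```

Hosts reported as `not-listed` or `unparsed` are not confirmed safe; they only fall outside what the article states and should be reviewed separately.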


Firefox users would do well to upgrade to the browser’s latest release if they want to keep their computers safe from compromise. Released on Monday, Firefox 58.0.1 contains one but very important security fix that plugs a vulnerability arising from insufficient sanitization of HTML fragments in chrome-privileged documents. (In this context, chrome is not the popular Google browser, but a component of Firefox.) The vulnerability (CVE-2018-5124) is considered critical because a successful exploit could allow…
