Although these flaws can only be exploited under certain conditions, the company has described both as critical. The good news is that Mozilla quickly released a patch to correct them.
Hackers have been found exploiting two previously unknown vulnerabilities in the Firefox browser to control computers.
Details of these vulnerabilities are scarce, but it is known that they can trigger a "race condition," which results in a dangerous situation for the browser. If exploited, the errors could cause the system to crash or push Firefox to execute code, paving the way for a hacker to download additional malware to your PC.
"We are aware of targeted attacks on the outside world that exploit such a flaw," said Mozilla, the developer of Firefox, in a warning describing both of these vulnerabilities.
Specifically, the problem lies in how the browser manages blocks of RAM. In order not to monopolize all system resources, the program normally returns memory blocks once it has finished the task that needed them.
The same program should not regain access to a released memory block that is now occupied by another program, says security company Sophos. However, it seems that Firefox incorrectly accesses memory blocks when the program processes data through the "nsDocShell destructor" and when managing a "ReadableStream." The result is a "use-after-free" weakness, which may allow a program to run untrusted code from a memory block.
"In some cases, use-after-free bugs may allow a hacker to change the flow of control within a program, including turning the CPU to run untrusted code that has just been embedded from an external source, thereby bypassing all the usual browser security checks or 'are you sure?' dialog boxes," Sophos added.
According to Mozilla, these defects can only be exploited under certain conditions. Nevertheless, both weaknesses were rated critical. Fortunately, the company has released a patch, which will be delivered automatically to users as Firefox 74.0.1 and Firefox ESR 68.6.1.
To check whether your version is up to date, go to your browser's help button in Windows and select "About Firefox" to see which version you are running. In macOS, you can go to the preferences panel and scroll down to see the version number.
The security researchers who discovered these vulnerabilities promise to release more details, which will reveal how the hackers carry out their attacks. The researchers also say that other browsers may have the same problem.