Friday, September 13, 2024

Mozilla’s Firefox and Thunderbird: Critical Vulnerabilities from Pwn2Own Closed

Attackers could target two vulnerabilities that Mozilla classifies as “critical” in Firefox, Firefox ESR, Firefox for Android, and Thunderbird and, in the worst case, run their own code. Patched versions are now available.

The two vulnerabilities (CVE-2022-1529, CVE-2022-1802) were disclosed during the Pwn2Own hacking competition. There, one participant successfully attacked the applications using prototype pollution in JavaScript. JavaScript is prototype-based: newly created objects inherit the properties and methods of the Object prototype. This prototype-based inheritance is very useful, but it can also be abused.

An attacker only needs to modify the Object prototype to affect all objects and so change the behaviour of the entire application. This is exactly what the security researcher did at the competition. He was then able to run his own JavaScript. He received a $100,000 reward for successfully exploiting the vulnerabilities.

According to the security advisory, Firefox 100.0.2, Firefox ESR 91.9.1, Firefox for Android 100.3 and Thunderbird 91.9.1 are protected against it.


Ebenezer Robbins