Mozilla Firefox Two Vulnerabilities

Two vulnerabilities, classified as extremely critical, have been discovered in Firefox; they can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

Description:
Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

1) The problem is that "IFRAME" JavaScript URLs are not properly protected from being executed in the context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an arbitrary site.

2) Input passed to the "IconURL" parameter in "InstallTrigger.install()" is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.

Successful exploitation requires that the site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org").

A combination of vulnerabilities 1 and 2 can be exploited to execute arbitrary code.

NOTE: Exploit code is publicly available.

The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.
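The verification that vulnerability 2 lacks amounts to parsing the supplied icon URL and allowlisting its scheme before it is used in a privileged context. The sketch below is an added example, not Firefox code or the vendor's fix; the function names, the http/https allowlist and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not Firefox source). All names here are hypothetical.
const ALLOWED_ICON_SCHEMES = new Set(["http:", "https:"]);

// Weak form, shown only for contrast: a blocklist on the raw string prefix.
function naiveIconCheck(raw) {
  return !raw.startsWith("javascript:");
}

// Hardened form: parse first, then allowlist the scheme the parser reports.
function checkIconUrl(raw, pageUrl) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "empty or non-string value" };
  }
  let resolved;
  try {
    // Resolve against the calling page so relative URLs are judged by the
    // scheme they end up with. The URL parser lowercases the scheme and
    // strips leading whitespace and embedded tabs/newlines.
    resolved = new URL(raw, pageUrl);
  } catch (err) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (!ALLOWED_ICON_SCHEMES.has(resolved.protocol)) {
    return { ok: false, reason: "scheme not allowed: " + resolved.protocol };
  }
  return { ok: true, url: resolved.href };
}

// Constructed sample values for the icon URL argument.
const SAMPLES = [
  "icons/ext.png",               // relative, inherits the page's scheme
  "javascript:void(0)",          // caught by both checks
  "  JaVaScRiPt:void(0)",        // case and leading space defeat the prefix test
  "java\tscript:void(0)",        // embedded tab is removed by the URL parser
  "data:image/png;base64,AAAA",  // not on the allowlist
];

// Returns, per sample, whether each check would accept it.
function compareChecks(pageUrl) {
  return SAMPLES.map((raw) => ({
    raw,
    naive: naiveIconCheck(raw),
    hardened: checkIconUrl(raw, pageUrl).ok,
  }));
}

console.log(compareChecks("https://addons.mozilla.org/extensions/"));
```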

Solution:
Disable JavaScript.
