Attackers were able to push firefox and gate browser shadcode add-ons

Attackers were able to push firefox and gate browser shadcode add-ons

Firefox, firefox ESR and the anonymous gate browser are vulnerable. Under certain conditions, attackers were able to export carcasses on computers. Overall, the degree of threat is considered "high".

In firefox 80 for all operating systems, mozilla has closed a total of ten security. The vulnerability as the most dangerous vulnerability (CVE-2020-15663) threatens unusable windows, write the developers in a post.

Dangerous files and extensions

If the browser is installed in a folder writable by uses, attackers were able to update.Exe process a praarized file that the process with admin rights exports. Since the process only accepted by mozilla signed files, attackers had to deal with this protection mechanism with a downgrade attack.

By taking advantage of another vulnerability (CVE-2020-15664), attackers sacrificed over manipulated websites a manifested add-on. In addition, different timing and XSS attacks are conceivable.

How about a post on mozilla.Org shows the developers in firefox ESR 68.12 and 78.2 A total of three lights with the degree of threat "high" closed. These are the already mentioned vulnerabilities.

Other changes in firefox 80 are limited. For example, the browser can now be set as standard PDF viewer of the operating system.

Safe in the gate network surf

Since the gate browser is based on firefox ESR and thus affected by the leach, the developers have the secured version 9.5.4 released. In addition to the secured firefox ESR 68.12 brings the current gate browser still https everywhere 2020.08.13 and noscript 11.0.38 with.

In a blog post, the developers share with that they want to inform the goal browser in version 10 at the end of september.

Leave a Reply

Your email address will not be published. Required fields are marked *