Friday, January 22, 02:26
Home security Firefox: Critical zero day vulnerability-Update immediately!

Firefox: Critical zero day vulnerability-Update immediately!

zero-day vulnerability

Η Mozilla just released one updated version for Firefox browser in order to correct an issue security, which had already begun to be exploited by the hackers. it is about a zero-day vulnerability.

If you are using the regular version of Firefox, you need to upgrade from 74.0 to 74.0.1 and if you are using Extended Support Release (ESR), you will need to upgrade from version ESR 68.6.0 to ESR 68.6.1.

Zero-day vulnerability could be attributed to the Firefox 68 version, which was released in July 2019. It could, however, be a "side effect" of a patch of the 68.0 version.

(If you have Firefox ESR version XY0, stick to the Firefox X.0 feature set, but with all the updates security which have even come out of Firefox (X + Y) .0).

However, there are no details on when the Firefox error was discovered by them hackers and how exactly they take advantage of it.

Right now, Mozilla says only that:

Firefox

What does use-after-free mean?

The use-after-free is a category of errors caused by improper use memory blocks from one program.

Usually, a program "returns the blocks of memory" to the operating system system after finishing with them, allowing the memory to be used again for something else.

The function by which the μνήμη is returned for reuse, called free (), and once you release the memory, you obviously can't access it again.

In this process some mistake can be made and enter code in data which were made in such a way by a swindler to deceive you.

Not all use-after-free errors are exploitable and also cannot all cause the same problem. For example, an intruder can only change the contents of an icon or message you want to show off, which could be used to deceive others users.

However, in some cases, errors can allow an intruder to change the flow of control within the program. It could for example affect the CPU to execute unreliable code, that the intruder "threw" in memory, bypassing his security checks browser.

This is the most serious kind of vulnerability. It is also known as RCE and refers to remote code execution. The criminal can execute the code on your computer even if it is on the other side of the world.

What can we do;

If already some hackers managed to take advantage of it vulnerability, others will. Therefore, the most common but effective treatment is regular updating of systems.

Most Firefox users should automatically receive updates, but it's a good idea to check to make sure.

Click the menu (three-line icon) in the upper-right corner, and then select Help> About Firefox.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...
00:02:35

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...