this post was submitted on 15 Sep 2023
37 points (91.1% liked)

Netsec

704 readers
1 users here now

netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere. ‎

Rules

  1. Don't do unto others what you don't want done unto you.
  2. No Porn, Gore, or NSFW content. Instant Ban.
  3. No Spamming, Trolling or Unsolicited Ads. Instant Ban.
  4. Stay on topic in a community. Please reach out to an admin to create a new community.

founded 2 years ago
MODERATORS
[email protected]
37
Mozilla, CISA urge users to patch Firefox security flaw (therecord.media)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
5 comments fedilink hide all child comments
 

Mozilla released an advisory this week warning users of a vulnerability affecting its popular web browser and email client.

Exploitation of the bug would allow a hacker to take control of an affected system, officials at the Cybersecurity and Infrastructure Security Agency (CISA) said in their own notice.

Tagged as CVE-2023-4863, the vulnerability was discovered by Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at The University of Toronto, according to Mozilla.

Mozilla rated the vulnerability critical and said it is aware of it being exploited in other products in the wild. The company addressed the issue in patches to its Firefox, Firefox ESR and Thunderbird products.

top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 12 points 1 year ago

The flaw is in a commonly used image format library and also affected Chromium browsers. Not sure why the headline and article are choosing to focus on Firefox especially.

[–] [email protected] 10 points 1 year ago

Some are at least mentioning Chrome has the same issue: https://www.theregister.com/2023/09/12/chrome_browser_webp_exploit/

[–] [email protected] 6 points 1 year ago (1 children)

Why is this possible in browsers to begin with? We need a new generation of browsers that sandbox everything like little VMs a la QubesOS

[–] [email protected] 2 points 1 year ago

They already do sandboxing, just sometimes things slip through the cracks and can break free of the sandbox.

[–] [email protected] 5 points 1 year ago

yes, it was fixed with version 117.0.1