Mozilla fixes vulnerabilities in Firefox, SeaMonkey and Thunderbird
Mozilla has eliminated vulnerabilities in three of its products - Firefox, SeaMonkey and Thunderbird, patching a “hole” that allows an attacker to remotely perform a XSS attack.
The error occurring when processing the “about: blank” pages loaded with the chrome into an additional module allows the hacker to create a special page that can execute arbitrary script code in the victim's browser with chrome privileges. The user only needs to click on a specially created link that opens the “about: blank” page with the help of an additional module.
To get rid of the vulnerability, you just need to update the program by downloading the latest versions from the Mozilla website.
')
via SecurityLab.ru
The error occurring when processing the “about: blank” pages loaded with the chrome into an additional module allows the hacker to create a special page that can execute arbitrary script code in the victim's browser with chrome privileges. The user only needs to click on a specially created link that opens the “about: blank” page with the help of an additional module.
To get rid of the vulnerability, you just need to update the program by downloading the latest versions from the Mozilla website.
')
via SecurityLab.ru
Source: https://habr.com/ru/post/12736/
All Articles