Firefox users urged to update their browsers immediately due to critical security flaw
FIREFOX BROWSER USERS have been urged to update their software with Mozilla’s latest patch as soon as they can.
The warning comes via Cisco’s security team, which is urging Firefox users to install Mozilla’s latest update for its web browser, which was released earlier this week.
If left unpatched, the critical vulnerability (CVE-2018-5124) could allow remote attackers to execute malicious code on affected computers, Cisco’s threat team said in its security advisory.
According to the researchers, the vulnerability is a result of “insufficient sanitisation of HTML fragments” in chrome-privileged documents by the affected software.
It affects Firefox web browser versions 56 (.0, .0.1, .0.2), 57 (.0, .0.1, .0.2, .0.3, .0.4), and 58 (.0). Android users, however, need not worry, as this bug doesn’t affect the Android Firefox browser app.
“An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software,” Cisco’s advisory says.
“A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user.”
This essentially means that any poor bugger that has elevated privileges could be compromised by an attacker, who in turn could take control of the entire system and even have a field day installing programmes, creating new accounts with full user rights, and viewing, changing or deleting data.
Cisco hasn’t gone full-on fear mongering with this warning, though. It advised that if the application has been configured to have fewer user rights on the system, the exploitation of this vulnerability could have less of an impact.
And if you install the patch, you’ll be fine anyway. It can be downloaded from the company’s official website. But don’t wait around: Cisco’s security buffs said that it should be installed “immediately” before hackers take advantage of the flaw. In the meantime, you should avoid opening links provided in emails or messages if they appear to come from suspicious or unrecognised sources, Cisco said.
Source: Inquirer