Mozilla Firefox 75 Is Out With Fixes For RCE vulnerabilities

In The Name OF Allah
Al-Salam Alekum

[Image: Firefox-75.png]

Hello guys?! How are you doing, looks like our loved browser released another version..
Quote:Mozilla recently disclosed numerous security bugs in their Firefox browser. These include several RCE vulnerabilities in Firefox and Firefox ESR.


In the case of Firefox, the most important bug was a high-severity flaw CVE-2020-6821 leading to information disclosure.

Firefox ESR also exhibited two high-severity flaws affecting Android devices. The first of these CVE-2020-6828 was an Android takeover bug. Regarding this vulnerability, Mozilla explains in its advisory,

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user’s profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI.

The Source
Wa Salam Alekum


* This article was originally published here

Comments