Mozilla patches critical flaws in Firefox 57.0.1 update

Mozilla released a security update to address critical vulnerabilities in Firefox 57 which could allow a remote attacker to take control of an affected system.

The security advisory is rated critical and patches a vulnerability which allows a web worker in Private Browsing mode to write IndexedDB data and a vulnerability which allows visited history information to leak through SVG images, according to a Nov 29 advisory.

The first vulnerability, CVE-2017-7843, is triggered when Private Browsing mode is enabled and allows a web worker to write persistent data to IndexedDB and fingerprint a user uniquely.

The second vulnerability, CVE-2017-7844, is caused by a combination of an external SVG image referenced on a page and the coloring of anchor links stored within an image. Together these can be used to determine which pages a user has in their history, allowing a malicious website to query user history.
