Network Security, Patch/Configuration Management, Vulnerability Management

Mozilla patches critical Firefox flaw weeks after update

Mozilla Monday released a security update to patch a critical flaw in Firefox which could allow an attacker to take control of the affected system.

The vulnerability, CVE-2016-9078, only affects Firefox 49 and 50 and was patched in version 50.0.1 and could allow a URL to inherit the wrong origin after an HTTP redirect, according to a Nov. 28 security advisory.

“This can result in same-origin violations against a domain if it loads resources from malicious sites,” the advisory said. “Cross-origin setting of cookies has been demonstrated without the ability to read them.”

Anyone using an infected system is encouraged to update as soon as possible. Earlier this month, Mozilla released a number of security fixes affecting two of its Firefox browsers - the widely used consumer edition, v50, and ESR 45.5, intended for enterprises which manage client desktops.  

Related

Key cybersecurity concerns among CISOs examined

Mounting zero-day vulnerabilities, more sophisticated living-off-the-land attack techniques, and escalating extortion levels were noted by Mandiant executives to be among the most pressing cybersecurity concerns faced by chief information security officers, CyberScoop reports.

US, Australia apprehend Firebird RAT developer

The FBI and Australian Federal Police have partnered to arrest and indict an unnamed Australian who developed Firebird/Hive remote access trojan and California-based Edmond Chakhmakchyan, also known as Corruption, who allegedly marketed the RAT, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.