Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking (now patched)

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,590
Content source
https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/162873/
Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.

Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software.
The Mozilla Firefox vulnerability (CVE-2020-16044) is separate from a bug reported in Google’s browser engine Chromium, which is used in the Google Chrome browser and Microsoft’s latest version of its Edge browser.

Critical Firefox Use-After-Free Bug

On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) urged users of Mozilla Foundation’s Firefox browser to patch a bug, tracked as CVE-2020-16044, and rated as critical. The vulnerability is classified as a use-after-free bug and tied to the way Firefox handles browser cookies and if exploited allows hackers to gain access to the computer, phone or tablet running the browser software.

Impacted are Firefox browser versions released prior to the recently released Firefox desktop 84.0.2, Firefox Android 84.1.3 edition and also Mozilla’s corporate ESR 78.6.1 version of Firefox.

“A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code,” according to a Mozilla security bulletin posted Thursday.

Chromium Browser Bug Impacts Chrome and Edge

Also on Thursday, CISA urged Windows, macOS and Linux users of Google’s Chrome browser to patch an out-of-bounds write bug (CVE-2020-15995) impacting the current 87.0.4280.141 version of the software. The CISA-bug warning stated that the update to the latest version of the Chrome browser would “addresses vulnerabilities that an attacker could exploit to take control of an affected system.”

Because Microsoft’s latest Edge browser is based on Google Chromium browser engine, Microsoft also urged its users to update to the latest 87.0.664.75 version of its Edge browser.

While researchers at Tenable classify the out-of-bounds bug as critical, both Google and Microsoft classified the vulnerability as high severity. Tencent Security Xuanwu Lab researcher Bohan Liu is credited for finding and reporting the bug.
Click to expand...
So, update your browser and read the full story here at Threatpost:
threatpost.com

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking

Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
threatpost.com threatpost.com
 
  • Like
  • +Reputation
  • Wow
Reactions: Viking, Venustus, Protomartyr and 6 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Replies
1
Views
1,514
News Archive
nicolaasjan
nicolaasjan
CyberTech
    • Like
    • +Reputation
Critical WebP bug: many apps, not just browsers, under threat
Replies
1
Views
1,536
News Archive
Andy Ful
Andy Ful
vtqhtr413
    • +Reputation
    • Like
    • Applause
Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update
Replies
0
Views
1,035
News Archive
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top