Tuesday, November 26, 2024
HomeHacksMozilla Firefox Fixed More than 25 Critical and High Critical Vulnerabilities in...

Mozilla Firefox Fixed More than 25 Critical and High Critical Vulnerabilities in Firefox 54.0 Release – Its time to Update your Firefox

Published on

Firefox has between 9% and 16% of worldwide usage as a “desktop” browser and 2nd Most Popular Web Browser in the Globe. The latest version of the “Firefox 54.0” Released with 32 Patched Critical and High  Critical Vulnerabilities and some of the Vulnerabilities Leads to Crash the Browser.

This vulnerability was Reported by Many individual Security Researchers and some of the Vulnerabilities Discovered by Mozilla developers and community.

Firefox 54.0

Mozilla is calling Firefox 54.0 “the best Firefox ever,” since new version Release with Futures of multiple content processes, a UI process, and a GPU acceleration process.

- Advertisement - SIEM as a Service

This New version contains  multiple content processes will improve stability and performance (one bad tab won’t slow down the rest of your computer)

  • New futures added including, Simplified the download button and download status panel and Added support for multiple content processes.
  • New Version changes, Moved the mobile bookmarks folder to the main bookmarks menu for easier access

To Run even complex sites faster, Mozilla changed multiples Operating system Processing.

The old Firefox used a single process to run all the tabs in a browser. Modern browsers split the load into several independent processes. 

Resulted in a crash Browser

These Vulnerabilities lead to Crash the Entire Browser.

CVE-2017-5472:

A Frame loader Vulnerabilities has leads to Crash the Browser while regenerating CSS layout when access nonexisting Tree Node.

CVE-2017-7749:

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.

CVE-2017-7750:

This Vulnerability also leads to Crash, During Video Control Operation old window Referred by <Track> element when old window replaced by Document object model.

CVE-2017-7751

A use-after-free vulnerability with content viewer-listeners that results in a potentially exploitable crash.

CVE-2017-7756

logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.

CVE-2017-7757

IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed.

Also Read Fast and Complete SSL Scanner to Find Mis-configurations affecting TLS/SSL Severs -A Detailed Analysis

Privilege Escalation 

These are critical privilege escalation vulnerabilities that have been fixed by Mozilla.

CVE-2017-7760

This Vulnerability indicates manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service. This Vulnerability affected only Windows OS since this need local privilege to access.

CVE-2017-7761:

This High critical vulnerability leads to deleted the files and escalates the privilege using helper.exe Mozilla maintenance service.

CVE-2017-7766:

An attack using manipulation of updater.ini contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution

CVE-2017-7767

To overwrite arbitrary files with junk data using the Mozilla Windows Updater using  Maintenance invoked by an unprivileged user which only affected by Windows user.

CVE-2017-7768

Maintenance Service executes with privileged access, bypassing system protections against unprivileged by the user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater.

Also read Millions of time Downloaded dangerous malware app

All the fixed  Vulnerabilities are Explained in Firefox Blog

Download New Version

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive...

Researchers Detailed Tools Used By Hacktivists Fueling Ransomware Attacks

CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec,...

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has...

Dell Wyse Management Suite Vulnerabilities Let Attackers Exploit Affected Systems Remotely

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts

A newly discovered phishing marketplace, ONNX Store, empowers cybercriminals to launch sophisticated attacks against...

Mobile Device Management Vendor Mobile Guardian Hacked

 Mobile Guardian, a leading Mobile Device Management (MDM) vendor, experienced unauthorized access to its...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...