Update Firefox products now to fix critical vulnerabilities

Photo by John Schnobrich on Unsplash

Update Firefox products now to fix critical vulnerabilities

The attack took about *8 seconds* to perform, resulting in a sandbox escape and eventually controlling the victim's operating system.

Hung Vu's photo
Hung Vu
·May 27, 2022·

1 min read

Subscribe to my newsletter and never miss my upcoming articles

Play this article

During the Pwn2Own Vancouver 2022 hacking event, Manfred Paul demonstrated an attack on the Firefox browser that involves two types of vulnerabilities: prototype pollution (CVE-2022-1802), and improper input validation (CVE-2022-1529). The attack took about 8 seconds to perform, resulting in a sandbox escape and eventually controlling the victim's operating system. In practice, users can be affected right after visiting a malicious website on a vulnerable system.

Two days after the demonstration, Mozilla released Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, and Thunderbird 91.9.1 to patch the vulnerabilities. Other Firefox-based browsers such as Tor are also affected by the vulnerabilities. Users and system administrators are recommended to upgrade the affected products to the latest version as soon as possible.

The attack is shown below (starts at 3:23).


Interested in programming? My other articles might be helpful to you!

 
Share this