
Mozilla Fixes Critical Firefox Flaw That Allows Remote Code Execution

By Netvora Tech News


Mozilla has patched a critical vulnerability in its Firefox browser that could have allowed attackers to take control of systems remotely. The flaw, which is located in the libvpx encoder used by the browser for WebRTC, has no CVE number yet and could lead to a remote code execution attack.

How the Flaw Works

The vulnerability is a "double-free" bug, a memory-management error in which the same block of memory is freed twice. It occurs when the libvpx encoder is used to process WebRTC video streams. If exploited, it could crash the browser and allow an attacker to execute malicious code.

This means that simply visiting a compromised or malicious website, or viewing infected ads, could be enough to infect a user's system with malware. No further user interaction is required.

History of the Flaw

This is not the first time a libvpx vulnerability has been exploited. Two years ago, a similar flaw was actively used to target Google Chrome users before a security update was available.

Patched Versions

Mozilla has released patched versions of its Firefox browser to address the issue. The affected versions include Firefox ESR 115.24, Firefox ESR 128.11, Firefox 139, Thunderbird 128.11, and Thunderbird 139.

In addition, a new version of the Tor Browser, which is based on Firefox, has also been released (14.5.3). Users can update automatically using the browser's built-in update feature.

  • Firefox ESR 115.24
  • Firefox ESR 128.11
  • Firefox 139
  • Thunderbird 128.11
  • Thunderbird 139
  • Tor Browser 14.5.3

Users are advised to update their browsers as soon as possible to protect against potential attacks.
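
For checking a software inventory against the builds listed above, the following Python sketch is an added example, not code from Mozilla or from this article. It assumes each listed version is the first patched build of its major release line, that newer major lines also carry the fix, and a constructed `host,product,version` inventory format.

```python
import re

# Builds listed in the article, keyed by product and major release line.
# Assumption: each is the first patched build of its line.
PATCHED = {
    "firefox esr": {115: (115, 24), 128: (128, 11)},
    "firefox": {139: (139,)},
    "thunderbird": {128: (128, 11), 139: (139,)},
    "tor browser": {14: (14, 5, 3)},
}

def parse_version(text):
    """'128.10.1esr' -> (128, 10, 1); trailing suffixes are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def older(a, b):
    n = max(len(a), len(b))  # zero-pad so (139,) equals (139, 0)
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def status(product, version):
    lines = PATCHED.get(product.strip().lower())
    if lines is None:
        return "unknown-product"
    v = parse_version(version)
    fixed = lines.get(v[0])
    if fixed is None:
        # Assumption: major lines newer than any listed one already carry the fix;
        # any other unlisted line has no patched build here and must be upgraded.
        return "patched" if v[0] > max(lines) else "needs-update"
    return "needs-update" if older(v, fixed) else "patched"

# Constructed inventory rows: host,product,version
SAMPLE_INVENTORY = """\
ws-01,Firefox,138.0.4
ws-02,Firefox ESR,128.11.0esr
ws-03,Firefox ESR,115.23.1esr
ws-04,Thunderbird,139.0
ws-05,Tor Browser,14.5.2
"""

def audit(inventory):
    """Return (host, product, version, status) for every row that is not patched."""
    rows = [[f.strip() for f in r.split(",", 2)] for r in inventory.strip().splitlines()]
    checked = [(h, p, v, status(p, v)) for h, p, v in rows]
    return [c for c in checked if c[3] != "patched"]
```

Calling `audit(SAMPLE_INVENTORY)` returns the three constructed hosts that are still below a listed build.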
