Полезная информация

Общайтесь со знакомыми и друзьями в нашей группе в Контакте.

№107-12-2016 13:00:53

InfSub
iMacroModer
 
Группа: Moderators
Откуда: DeepTown
Зарегистрирован: 13-05-2013
Сообщений: 2688
UA: Chrome 54.0
Веб-сайт

уязвимость 0 дня в Firefox 41-50 в т.ч. и ESR

Emergency Bulletin: Firefox 0 day in the wild. What to do.

Firefox released a fix for this a few minutes ago. Update to Firefox 50.0.2 now to patch this vulnerability. Tor have also released a fix with version 6.0.7 of their browser.There is also a Thunderbird fix out, version 45.5.1. I also posted an extended update at the end of the post including data indicating this exploit may be part of a law enforcement operation.

We’re publishing this as an emergency bulletin for our customers and the larger web community. A few hours ago a zero day vulnerability emerged in the Tor browser bundle and the Firefox web browser. Currently it exploits Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle which contains Firefox 45  ESR.

If you use Firefox, we recommend you temporarily switch browsers to Chrome, Safari or a non-firefox based browser that is secure until the Firefox dev team can release an update. The vulnerability allows an attacker to execute code on your Windows workstation. The exploit is in the wild, meaning it’s now public and every hacker on the planet has access to it. There is no fix at the time of this writing.

Currently this exploit causes a workstation report back to an IP address based at OVH in France. But this code can likely be repurposed to infect workstations with malware or ransomware. The exploit code is now public knowledge so we expect new variants of this attack to emerge rapidly.

This is a watering hole attack, meaning that a victim has to visit a website that contains this exploit code to be attacked. So our forensic team is keeping an eye on compromised WordPress websites and we expect to see this code show up on a few of them during the next few days. An attackers goal would be to compromise workstations of visitors to WordPress websites that have been hacked.

ссылка на полный текст статьи на английском
Войдите или зарегистрируйтесь, чтобы увидеть скрытый текст.

Отредактировано InfSub (07-12-2016 13:04:08)


Правила форума iMacros for Firefox
Мини FAQ по iMacros for Firefox

на почту, только с интересными предложениями по скриптам (iMacros/iMacros+JS)!

Отсутствует

 

№207-12-2016 13:35:53

VEG
Участник
 
Группа: Members
Зарегистрирован: 05-03-2005
Сообщений: 435
UA: Firefox 51.0

Re: уязвимость 0 дня в Firefox 41-50 в т.ч. и ESR

Вы опоздали на неделю с этой новостью.
https://forum.mozilla-russia.org/viewtopic.php?id=71008


С наилучшими пожеланиями, Евгений.
Pure URL — расширение для автоматического удаления мусора наподобие "utm_source" из URL

Отсутствует

 

Board footer

Powered by PunBB
Modified by Mozilla Russia
Copyright © 2004–2011 Mozilla Russia
Язык отображения форума: [Русский] [English]