Firefox 0-day vulnerability in the wild

Message

Puppy · #1 Post by **Puppy** » Wed Nov 30, 2016 12:59 pm

https://www.wordfence.com/blog/2016/11/ ... -day-wild/
http://arstechnica.com/security/2016/11 ... d-in-2013/

- affects Firefox 41 to 50, incuding ESR and 50.0.1
- the exploit currently works on Windows only but other platforms are very likely affected as well
- it can run malicious code in context of logged user
- it is already being actively exploited, targets Tor (Firefox ESR based) browser
- the exploit code is disclosed so many other variants may already exists

The only workaround is to disable JavaScript or use another browser until fix is released.

Puppy · #2 Post by **Puppy** » Wed Nov 30, 2016 5:13 pm

Fix is available, I strongly recommend to install it ASAP

Firefox 50.0.2
Thunderbird 45.5.1

dr_st · #3 Post by **dr_st** » Fri Dec 02, 2016 1:15 pm

Pale Moon apparently also includes a fix for said vulnerability (CVE-2016-9079) in 27.0.2:
http://www.palemoon.org/releasenotes.shtml

Saucey · #4 Post by **Saucey** » Sun Dec 04, 2016 1:02 pm

Looks like I'll have to update Pale Moon then, thanks!

Summilux · #5 Post by **Summilux** » Mon Dec 05, 2016 8:43 pm

Thank you for the advices Puppy, I've updated both FF (just in case) and TB (used everyday).

Firefox 0-day vulnerability in the wild

Firefox 0-day vulnerability in the wild

Re: Firefox 0-day vulnerability in the wild

Re: Firefox 0-day vulnerability in the wild

Re: Firefox 0-day vulnerability in the wild

Re: Firefox 0-day vulnerability in the wild

Who is online