DEV Community

Hung Vu
Hung Vu

Posted on • Originally published at hungvu.tech

1 1 1 1 1

Update Firefox products now to fix critical vulnerabilities

During the Pwn2Own Vancouver 2022 hacking event, Manfred Paul demonstrated an attack on the Firefox browser that involves two types of vulnerabilities: prototype pollution (CVE-2022-1802), and improper input validation (CVE-2022-1529). The attack took about 8 seconds to perform, resulting in a sandbox escape and eventually controlling the victim's operating system. In practice, users can be affected right after visiting a malicious website on a vulnerable system.

Two days after the demonstration, Mozilla released Firefox 100.0.2, Firefox for Android 100.3.0, Firefox ESR 91.9.1, and Thunderbird 91.9.1 to patch the vulnerabilities. Other Firefox-based browsers such as Tor are also affected by the vulnerabilities. Users and system administrators are recommended to upgrade the affected products to the latest version as soon as possible.

The attack is shown below (starts at 3:23).


Interested in programming? My other articles might be helpful to you!

Image of Timescale

🚀 pgai Vectorizer: SQLAlchemy and LiteLLM Make Vector Search Simple

We built pgai Vectorizer to simplify embedding management for AI applications—without needing a separate database or complex infrastructure. Since launch, developers have created over 3,000 vectorizers on Timescale Cloud, with many more self-hosted.

Read full post →

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more