DEV Community

Discussion on: Firefox 64 drops RSS support, thoughts?

Ondrej

Case of threat modelling:

Chain a series of Medium / Low vulnerabilities together until they get the level of access they require, e.g. remote code execution. They have a permanent window of exposure.

Is it enough? I think we've gone too far beyond the boundaries of this topic.

Ondrej • Edited

Ah, I almost forgot this nice little 'feature'.

Tobias SN

You gotta remember that it just means that Firefox builds are thoroughly tested before release.

Ondrej

Yes, but again - Extended Support Release builds are Release builds with all the Critical and High security bugs patched, about every 6 weeks. Chain a series of Medium / Low vulnerabilities together and you could get RCE very easily for an adversary with proper resources.

Tobias SN

If it’s so easy, do it and I’ll talk to you when you’re done.

Ondrej

Do you understand the concept of threat modelling? Obviously not. We're talking about adversaries with proper resources (e.g. Nation States, APTs, Offensive Intelligence, Major hacker groups).

Ondrej • Edited

But usually a cleverly crafted XSS (which is an opportunistic kind of attack) works with Firefox ESR too. They are mainly blocked by Chrome at the same time.

Tobias SN

Well you said that RCE was easy with the proper resources, so I'm asking you to obtain those resources and prove your point.

Ondrej

Do I look like an adversary with proper resources? If yes, you should probably take a cold shower. If not, why do you ask me a stupid question like this? Let's make a deal: try to study the main concepts of information security at your local university and then we can discuss it like two people with an equivalent degree of knowledge and understanding in this field. Otherwise, please do not ask me any more stupid questions. Thank you.