Since these UI components are not sandboxed from the code that powers Firefox webpages, an attacker can hide malicious code on a poisoned website then load it away from UI and straight into the browser or computer itself. ![]() This includes Firefox’s menu bar, toolbars, tab indicators, progress bars and user interfaces created by add-ons. Severe flaw in Firefox UI componentįirefox’s UI component, named “Chrome” UI (not to be confused with Google’s Chrome browser, they’re totally unrelated), is any visible part of the browser aside from the webpage itself. ![]() The bug ( CVE-2018-5124) was discovered by Mozilla engineer Johann Hofmann and it would have allowed an attacker to run unsanitized HTML code by exploiting Firefox’s User Interface component to deliver malware, steal data or even take full control of a computer.
0 Comments
Leave a Reply. |