Mozilla Firefox Patches Multiple Zero Days

Mozilla Firefox Vulnerabilities

The first vulnerability that was patched was a Universal Cross-site Scripting (UXSS) attack, this attack worked on any Windows, MacOS and Linux device.  The issue could be combined with a sandbox escape issue that would allow an attacker to execute arbitrary code remotely on the targeted system.

The second vulnerability is a sandbox escape vulnerability which chained with a vulnerability like the one above can lead to arbitrary code being executed remotely.  Browser sandboxing is a security mechanism that keeps third-party processes isolated to the browser, preventing damaging parts of the computers operating system.

Firefox is setup by default to check for and update automatically upon program startup.  However, it is recommended that users of the Firefox browser check to see if the latest version is installed, Firefox 67.0.4.

Setting Software Restriction Policies (SRP) is an important feature available within Microsoft Azure.  SRPs is a Group Policy-based feature that identifies software programs running on computers within the domain, and controls whether they are allowed to run or not.

A domain admin can use these policies to create a highly restricted configuration for computers which only allow specific identified applications to run.  Setting SRPs within a domain will help protect against unlicensed, unknown or untrusted applications from being ran within the company domain.

If you are interested in learning more, view our latest posts on web application security.

Abusing Insecure WCF Endpoints

Learn useful techniques to identify vulnerable WCF services, discover what to look for when analyzing decomposed .NET assemblies, including those that have been obfuscated, and watch a demonstration of attacks against real software.