Firefox Under Fire: Anatomy of latest 0-day attack
The recent Firefox attacks are an example of active in-the-wild exploitation of a serious software vulnerability. On the August 6th, the Mozilla Foundation released a security update for the Firefox web browser that fixes the CVE-2015-4495 vulnerability in Firefox’s embedded PDF viewer, PDF.js. This vulnerability allowed attackers to bypass the same-origin policy and execute JavaScript remotely that will be interpreted in the local file context.
Continue Reading http://www.welivesecurity.com
Join the Discussion