Critical Vulnerability in Firefox and Tor Browser Allows Remote Code Execution

 


A critical vulnerability in Firefox, Firefox ESR, and Tor Browser allows attackers to execute code on users' systems, in the worst case scenario, taking full control of the underlying system. Just visiting a malicious or compromised website is enough. No further user interaction is required.


The vulnerability resides in the Angle graphics library. While processing compressed textures, an attacker can cause a buffer overflow that allows remote code execution. Users are advised to update to Firefox 85.0.1, Firefox ESR 78.7.1 or Tor Browser 10.0.11 . This can be done via the automatic update function as well as Mozilla.org or TorProject.org .

Previous Post Next Post