Discovered a critical vulnerability in Firefox browser
Web browsers are the tools we use to surf the Internet and hence are one of the main targets for cybercriminals to get-to-get their threats to users. Chrome and Firefox are two of the most widely used today and there who are constantly in the crosshairs of cybercriminals and researchers, but opposite purposes. Some try to take advantage of any gaps or safety oversight to perform their attacks, while others try to detect any problem of this type to notify the company and put a solution.
In this sense, he is the turn to the browser Mozilla, since excavations have found a critical vulnerability that also affect the network Tor. Specifically a vulnerability could be exploited to carry out attacks middle-in-the-man (MITM) with which the attacker might be able to obtain false certificates for addons.mozilla.org.
In this way, Firefox users could see how they are offered some updating certain browser extensions such as NoScript, HTTPS Everywhere, among others, and that would be installed as if it were legitimate software when they really are not. This is a vulnerability that was detected last week by a group of experts known under the name @movrcx week that affected the Tor browser, although it has been patched to fix.
However, according to a report by security researcher Ryan Duff, the problem also affects the stable versions of Firefox and resides in the custom method in which the Mozilla browser handles Certificate pinning it comes to ensure that the browser only accepts certain key domains certificate rejecting the rest and avoid the user victim of an attack of this type.
Now, we just need Mozilla released a patch to fix this critical vulnerability, but is expected to take the release of version 49 of Firefox, which will launch tomorrow Mozilla and which is expected to have had enough time to add a solution to this fatal mistake. Therefore, you should upgrade as soon as possible or be aware of any patch that releases the company and to avoid infecting us through a fake update to some extent. Meanwhile, users of Tor already have available the version 6.0.5 which puts solution to vulnerability.