Forum » Informacijska varnost » Firefox 0-day
Firefox 0-day
jukoz ::
http://arstechnica.com/security/2015/08...
Ker ni še nihče postal:
"The exploit code targeting Linux users uploaded cryptographically protected system passwords, bash command histories, secure shell (SSH) configurations and keys. The attacker downloaded several other files, including histories for MySQL and PgSQL and configurations for remina, Filezilla, and Psi+, text files that contained the strings "pass" and "access" in the names. Any shell scripts were also grabbed."
"According to a blog post published Friday by Martijn Grooten, a security researcher for Virus Bulletin, the bug allows attackers to create malicious PDF files that inject JavaScript code into the local file context. The exploit bypasses the same-origin policy, allowing attackers to download local files."
"The exploit leaves no trace it has been run on the local machine," Veditz wrote. "If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs. People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used."
Ker ni še nihče postal:
"The exploit code targeting Linux users uploaded cryptographically protected system passwords, bash command histories, secure shell (SSH) configurations and keys. The attacker downloaded several other files, including histories for MySQL and PgSQL and configurations for remina, Filezilla, and Psi+, text files that contained the strings "pass" and "access" in the names. Any shell scripts were also grabbed."
"According to a blog post published Friday by Martijn Grooten, a security researcher for Virus Bulletin, the bug allows attackers to create malicious PDF files that inject JavaScript code into the local file context. The exploit bypasses the same-origin policy, allowing attackers to download local files."
"The exploit leaves no trace it has been run on the local machine," Veditz wrote. "If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs. People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used."
Vredno ogleda ...
| Tema | Ogledi | Zadnje sporočilo | |
|---|---|---|---|
| Tema | Ogledi | Zadnje sporočilo | |
| » | Ranljivost v AMD Ryzen procesorjih (strani: 1 2 )Oddelek: Strojna oprema | 5374 (468) | Mr.B |
| » | Šifriranje folderja/container na PC brez pravicOddelek: Pomoč in nasveti | 2070 (1785) | sodnicaN |
| » | Windows švicarski sir z luknjo GDI32 (strani: 1 2 )Oddelek: Novice / Varnost | 11199 (8752) | denial |
| » | Linux varnostne luknjeOddelek: Operacijski sistemi | 2339 (2092) | BigWhale |