» »

Firefox 0-day

Firefox 0-day

jukoz ::

http://arstechnica.com/security/2015/08...

Ker ni še nihče postal:

"The exploit code targeting Linux users uploaded cryptographically protected system passwords, bash command histories, secure shell (SSH) configurations and keys. The attacker downloaded several other files, including histories for MySQL and PgSQL and configurations for remina, Filezilla, and Psi+, text files that contained the strings "pass" and "access" in the names. Any shell scripts were also grabbed."

"According to a blog post published Friday by Martijn Grooten, a security researcher for Virus Bulletin, the bug allows attackers to create malicious PDF files that inject JavaScript code into the local file context. The exploit bypasses the same-origin policy, allowing attackers to download local files."

"The exploit leaves no trace it has been run on the local machine," Veditz wrote. "If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs. People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used."


Vredno ogleda ...

TemaSporočilaOglediZadnje sporočilo
TemaSporočilaOglediZadnje sporočilo
»

Ranljivost v AMD Ryzen procesorjih (strani: 1 2 )

Oddelek: Strojna oprema
556251 (1345) Mr.B
»

Šifriranje folderja/container na PC brez pravic

Oddelek: Pomoč in nasveti
112224 (1939) sodnicaN
»

Windows švicarski sir z luknjo GDI32 (strani: 1 2 )

Oddelek: Novice / Varnost
5311517 (9070) denial
»

Linux varnostne luknje

Oddelek: Operacijski sistemi
302446 (2199) BigWhale

Več podobnih tem