Mozilla has released three security advisories to address two critical vulnerabilities in Firefox and Firefox ESR.
- CVE-2025-4918 is an ‘out-of-bounds access when resolving promise objects’ vulnerability. If exploited, could allow an attacker to perform an out-of-bounds read or write on a JavaScript Promise object.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- 2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw
September 27, 2017
A bug in Linux kernel that was discovered two years ago, but was not considered a security threat at that time, has now been recognised as a potential local privilege escalation flaw. Identified as CVE-2017-1000253, the bug was initially discovered by Google researcher Michael Davidson in April 2015. Since it was not recognised as a serious bug at that ...
- Researchers promise demo of ‘God-mode’ pwnage of Intel mobos
September 26, 2017
Security researchers say they’ve found a way to exploit Intel’s accident-prone Management Engine, and will reveal the problem at Black Hat Europe in December. Positive Technologies researchers say the exploit “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard via Skylake+”. Intel Management Engine (ME), a microcontroller that ...
- macOS High Sierra Zero-Day Exploit Puts Users’ Stored Keychain Passwords at Risk
September 25, 2017
It would appear that Apple’s recently released macOS High Sierra 10.13 operating system comes with a zero-day exploit that could put your stored Keychain passwords at risk if your Mac gets hacked. Patrick Wardle, a security researcher that apparently worked for NSA, published information about the said zero-day security issue minutes after Apple released the macOS ...
- EternalBlue Exploit Used in Retefe Banking Trojan Campaign
September 22, 2017
Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal an emerging trend, said researchers at Proofpoint. Earlier this year, researchers at Flashpoint observed the TrickBot ...
- IoT botnet Linux.ProxyM turns its grubby claws to spam rather than DDoS
September 22, 2017
An IoT botnet is making a nuisance of itself online after becoming a conduit for spam distribution. Linux.ProxyM has the capability to engage in email spam campaigns with marked difference to other IoT botnets, such as Mirai, that infamously offered a potent platform for running distributed-denial-of-service attacks (DDoSing). Other IoT botnets have been used as proxies ...
- CCleaner Malware Infects Big Tech Companies With Second Backdoor
September 20, 2017
The group of unknown hackers who hijacked CCleaner’s download server to distribute a malicious version of the popular system optimization software targeted at least 20 major international technology companies with a second-stage payload. Earlier this week, when the CCleaner hack was reported, researchers assured users that there’s no second stage malware used in the massive attack and affected users ...