Mozilla Fixed 14 Vulnerabilities In Firefox
Mozilla Fixed 14 Vulnerabilities In Firefox

As we all know that Mozilla Corporation is a non-profit foundation which was established in August 2005 as a wholly owned taxable subsidiary. Recently Mozilla launched the latest version of its web browser Firefox (Version 46.0) in which Mozilla fixed 14 critical vulnerabilities.

Mozilla Fixed 14 Vulnerabilities In Firefox

[dropcap]The[/dropcap]Mozilla Corporation was established in August 2005 as a wholly owned taxable subsidiary that serves the non-profit, public benefit goals of its parent, the Mozilla Foundation, and the vast Mozilla community.

On Tuesday, April 26, 2016, Mozilla released a security patch update for its browser Firefox, which is used in Windows, Mac, Linux and Android. In the latest version of Firefox 46.0, Mozilla fixed 14 vulnerabilities with its patch update.

Vulnerability CVE-2016-2804, CVE-2160-2805, CVE-2160-2806, CVE-2160-2807 and CVE-2160-2808 allows attackers to remotely execute the code and gain control over it. An attacker could exploit the first four vulnerabilities to corrupt the memory via a specially configured HTML-file. Arbitrary code execution is also possible using these vulnerabilities in CVE-2160-2811 and CVE-2160-2812.

A vulnerability CVE-2160-2809 in Mozilla Maintenance Service allows you to delete the arbitrary files and increase the risk privileges of Windows. CVE-2160-2810 allows the application to read the stored data, including the browsing history in the browser, and stored passwords.

The problem affects the devices which are running on the Android version 5.0. (Android Lollipop). Exploiting the vulnerability CVE-2160-2813, an attacker can hack the data stored on your Android device and motion sensors. This could be done with the Javascript, which allows the attacker to fix the tap on the screen, and can lead to the abduction of PIN-codes and other activities.

The vulnerability CVE-2016-2814 could allow a buffer overflow, and using the CVE-2016-2816 vulnerability, you can get around the Content Protection Policy (CSP). An attacker can perform cross-site scripting, and can gain escalated privileges With CVE-2016-2817 and the vulnerability CVE-2160-2820 is caused due to the fact that Firefox Health Report takes certain events from untrusted domains.


Please enter your comment!
Please enter your name here