Google recently patched a dangerous and actively exploited vulnerability in Chrome, through which hackers could gain access to user data. Mozilla has now discovered that Firefox contained a similar bug.
Firefox was susceptible to the same bug as Google Chrome. Chrome recently patched an actively exploited vulnerability, through which hackers could gain access to users’ data via phishing attacks. In contrast to other attacks, it was sufficient for victims to click on a link, and the damage was already done. At least one targeted campaign exploited the bug, known as Operation ForumTroll.
read also
Firefox Discovers (and Patches) Same Critical Bug as Chrome
The incident prompted Mozilla to examine the Firefox code, and indeed: Firefox was also found to be vulnerable to similar exploitation. Through the newly discovered vulnerability, criminals could abuse the inter-process communication code to escape the sandbox environment of the browser process.
Patch available
Firefox has since launched a patch. The main difference with Chrome is that Mozilla discovered the problem for Firefox in time. There are currently no indications of active exploitation of the bug.
Other Chromium-based browsers are likely susceptible to the vulnerability as well, although not many details about the vulnerability are available yet. A patch may still be on the way, or the bug might have been quietly squashed in an earlier update. In any case, it’s a good idea to keep your browser up to date.