Mozilla has patched a Firefox vulnerability that was recently found in the "chrome" portion of its browser. The fix was rolled out in Firefox 58.0.1 and has also been applied to the beta version of 59. The fix will be permanent in versions 60 onward.
The "chrome" of Firefox is not to be confused with Google's browser, but more along the line of the flashy metal that spruces up cars and gadgets. In this case, Firefox's chrome involves UI elements such as the menu and progress bars, title and toolbars, or other elements created by add-ons.
According to Bleeping Computer, which followed up on the bug:
These components aren't separated from the code that runs in web pages. Hoffman says that a malicious website could run code meant for Firefox UI elements.
The attacker could hide unsanitized HTML inside this code that breaks the execution chain away from the Firefox chrome UI component and runs commands on the underlying browser/computer.
The code runs with the current user's privileges. If the user is using an admin account, then the code can run SYSTEM-level commands.
The critical vulnerability, found by Mozilla engineer Johann Hofmann, was logged and identified as "Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents" within Mozilla's team.
If you are running older versions of Firefox, you are encouraged to update immediately to version 58.0.1. The vulnerability did not affect Firefox on Android or Firefox 52 ESR. If you are testing beta 59, an update has already been pushed. It has also been applied to Firefox 60 as well.
Thanks to Jim K for the tip.
9 Comments - Add comment