Four New Exploits Found For Mozilla Firefox Web Browser

Firefox logo

Each year, people gather in Vancouver for what’s called a hackfest. Experts attempt to break through the security of popular applications to reveal potential vulnerabilities. This year, web browsers were the focus with each of the most popular browsers being hacked successfully with at least one exploit. As Sebastian Anthony of Extreme Tech reports, Mozilla’s Firefox experienced the most security problems and four zero-day exploits were found.

A zero-day exploit refers to a way to successfully attack an application that’s discovered by someone outside of the manufacturer. These are dangerous exploits because they are revealed before the manufacturer has an opportunity to patch them. This leaves users vulnerable for days or weeks.

The vulnerabilities in Firefox are said to allow hackers to “do just about anything with your computer” when attacked correctly. These attacks all stem from convincing users to visit malicious websites specifically created for attacks.

Mozilla’s web browser has always been considered less secure than the other leading browsers. It was first included in the hackfest in 2009 and has been successfully exploited every year except 2011. In the past three years, however, all four major browsers, Chrome, Internet Explorer, Safari and Firefox, have all been successfully hacked at least once. Seeing four successful exploits in a single year is still a surprise.

Experts point to Firefox’s lack of a sandbox for its primary security shortcomings. A sandbox is a way of segregating one application from the rest of the system. This way, a successful exploit on the application doesn’t make the rest of your system vulnerable. Chrome, Safari and Internet Explorer, since version 9, all have implemented sandboxes. Firefox still does not use one, which allows attackers to exploit the browser to gain access to other applications and functions of a user’s computer.

All of the exploits discovered during the three day hackfest are reported to the browser manufacturer so they can be patched. Even so, it’s important to remember that no browser offers you perfect security. All have vulnerabilities that can be exploited if you aren’t careful or don’t have the correct security infrastructure in place.

If you’ve been the victim of an attack of would like to explore better security options, call Geek Rescue at 918-369-4335.

March 17th, 2014