Security News > 2020 > June > Details Released for Recently Patched Code Execution Vulnerability in Firefox

Details Released for Recently Patched Code Execution Vulnerability in Firefox
2020-06-11 03:42

Cisco's Talos threat intelligence and research group has released information on a recently addressed vulnerability in Firefox that could be exploited for code execution.

Cisco Talos on Wednesday published technical details on the security flaw, explaining that successful exploitation could lead to remote code execution.

The root cause of this vulnerability is the lack of a Mutex object in the GetOrCreateWorkerManager method.

"Proper heap grooming can give an attacker full control of this use-after-free vulnerability and as a result could allow it to be turned into arbitrary code execution," Cisco's security researchers explain.

To exploit the vulnerability, an attacker needs to set up an HTML web page that was designed in such a manner that it would cause a race condition, thus leading to the use-after-free flaw and then remote code execution.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/oyMJoPgVlLY/details-released-recently-patched-code-execution-vulnerability-firefox