Security News
Google's Threat Analysis Group said on Wednesday that its researchers discovered commercial spyware called Heliconia that's designed to exploit vulnerabilities in Chrome and Firefox browsers as well as Microsoft Defender security software. The three components perform the following functions: Heliconia Noise is a web framework for deploying an exploit for a Chrome renderer bug followed by a sandbox escape; Heliconia Soft is a web framework that deploys a PDF containing a Windows Defender exploit; and Files is a set of Firefox exploits for Linux and Windows.
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.
A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device," Google Threat Analysis Group researchers Clement Lecigne and Benoit Sevens said in a write-up.
The highest severity level is High, which applies to seven different bugs, four of which are memory mismanagement flaws that could lead to a program crash, including CVE-2022-45407, which an attacker could exploit by loading a font file. Most bugs relating to font file usage are caused by the fact that font files are complex binary data structures, and there are many different file formats that products are expected to support.
Mozilla has fixed a known issue causing the Firefox web browser to freeze when copying text on Windows 11 devices where the Suggested Actions clipboard feature is enabled. The issue impacts Firefox users running Microsoft's latest OS release, Windows 11, version 22H2, where this new feature is enabled by default.
CVE-2022-38477 covers bugs that affect only Firefox builds based on the code of version 102 and later, which is the codebase used by the main version, now updated to 104.0, and the primary Extended Support Release version, which is now ESR 102.2. CVE-2022-38478 covers additional bugs that exist in the Firefox code going back to version 91, because that's the basis of the secondary Extended Support Release, which now stands at ESR 91.13.
There's the latest-and-greatest version, currently 103, which has all the latest features and relevant security fixes. There's the Extended Support Release flavour, which synchs up with the features in the latest version every few months, but in between gets security updates only, thus bringing in new features only after they've been available to try out in the mainstream version for some time.
This bug allows a malicious website to create a popup window and then resize it to overwrite the browser's own address bar. This address bar spoofing bug only applies to Firefox on Linux; on other operating systems, the bug apparently can't be triggered.
Mozilla Firefox 102 was released today with a new privacy feature that strips parameters from URLs that are used to track you around the web. Numerous companies, including Facebook, Marketo, Olytics, and HubSpot, utilize custom URL query parameters to track clicks on links.
Mozilla says that all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. "Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site."