Critical vulnerabilities found in Firefox allow hackers to gain control of infected systems | Patch now!

AlTech
22 minutes ago, Mark Kaine said:

There is no good reason to disclose the vulnerability to "the public"

Once it has been patched there is, to help people know what the exploits are so they can defend themselves and so future would-be security researchers can learn more about cyber security and gain enough knowledge and proficiency to make it their area of specialization.

Judge a product on its own merits AND the company that made it.

How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill | (Probably) Why LMG Merch shipping to the EU is expensive

Oneplus 6 (Early 2023 to present) | HP Envy 15" x360 R7 5700U (Mid 2021 to present) | Steam Deck (Late 2022 to present)

 

Mid 2023 AlTech Desktop Refresh - AMD R7 5800X (Mid 2023), XFX Radeon RX 6700XT MBA (Mid 2021), MSI X370 Gaming Pro Carbon (Early 2018), 32GB DDR4-3200 (16GB x2) (Mid 2022

Noctua NH-D15 (Early 2021), Corsair MP510 1.92TB NVMe SSD (Mid 2020), beQuiet Pure Wings 2 140mm x2 & 120mm x1 (Mid 2023),


32 minutes ago, Mark Kaine said:

There is no good reason to disclose the vulnerability to "the public" 

These disclosures are the best way to expose companies doing a terrible job at writing secure code. It can also be an educational piece for programmers to learn from past mistakes. I think these two alone are a pretty good reason to release them into the wild after patches got released...


On 5/28/2022 at 12:04 AM, Vishera said:

Yes but with reduced functionality.

The fact that malicious payloads like this can't be patched is concerning.

Nobody wants websites to have the ability to exploit JavaScript and mine cryptocurrency with their hardware.

Also, JavaScript is widely used for fingerprinting users and tracking user behavior - which is another malicious script that you don't want websites to use.

There should be safeguards implemented in JavaScript and in browsers to mitigate such vulnerabilities and exploits.

Sounds like some bs someone with no clue about software engineering came up with.


On 5/27/2022 at 9:20 PM, FakeKGB said:

And this is why any web browser can and should be sandboxed to hell and back, then to heaven and back, then add 2000 more layers on that.

Every program and application should be, but mehh...


1 minute ago, Just that Mario said:

Sounds like some bs someone with no clue about software engineering came up with.

What's BS here?

You can mine cryptocurrency with JavaScript and you can track users with JavaScript.

A PC Enthusiast since 2011
AMD Ryzen 7 5700X@4.65GHz | GIGABYTE GTX 1660 GAMING OC @ Core 2085MHz Memory 5000MHz
Cinebench R23: 15669cb | Unigine Superposition 1080p Extreme: 3566

On 5/27/2022 at 4:36 PM, AluminiumTech said:

This is scary stuff. JavaScript once again rearing its ugly head with exploit after exploit. I guess this is why we constantly need new versions of browsers. Somewhat ironically this, at least in part, validates Apple's claims about not letting apps use 3rd party browser engines on iOS due to security reasons since if FF for iOS did use the same engine then it would also face this issue but it doesn't because of Apple's browser engine rules on iOS.

Seems more like an issue of HOW JS has been implemented by the browser engine than an issue of a specific language. JS is just syntax, which gets translated to a low-level language. The description of the issue given doesn't even really go into details about how it was done, which is a bit shameful.


8 minutes ago, Vishera said:

What's BS here?

You can mine cryptocurrency with JavaScript and you can track users with JavaScript.

Your entire comment and logic. How is it a language's fault you can use it to create malicious software? By your logic all programming languages are the root of all evil and shouldn't exist. Wait, but it's computers that execute that code, perhaps computers shouldn't exist? We really should go back to just writing letters to each other and ditch electronics!


44 minutes ago, Just that Mario said:

How is it a language's fault you can use it to create malicious software? By your logic all programming languages are the root of all evil and shouldn't exist. Wait, but it's computers that execute that code, perhaps computers shouldn't exist? We really should go back to just writing letters to each other and ditch electronics!

That's a misunderstanding, I am not saying that we should nuke JavaScript.

What I am saying is that we should put safeguards against malicious scripts on the web.

One way to do that is to have the browsers block scripts that are deemed malicious (similarly to the concept of antiviruses).

So instead of the crypto miner or tracker running in the background without you noticing, the browser can have a pop-up window: "A crypto miner was detected, run it anyway?"

We have the technology, script blockers have existed for a long time.

