#firefox

Researchers have revealed a cunning new class of attacks that allow threat actors to use to camouflage malicious code using homoglyphs and bidi control characters. Categories: Exploits and vulnerabilities Tags: CVE-2021-42574 CVE-2021-42694 Trojan Source University of Cambridge *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/trojan-source-hiding-malicious-code-in-plain-sight/ ) )* The post Trojan Source: Hiding malicious code in plain sight appeared first on Malwarebytes Labs.

The BlackMatter ransomware gang has announced they are going to shut down their operation, citing pressure from local authorities.. Will they come back? Probably! Categories: Ransomware Tags: BlackMatter cisa darkside raas ransomware revil *( Read more... ( https://blog.malwarebytes.com/ransomware/2021/11/blackmatter-ransomware-group-announces-shutdown-but-for-how-long/ ) )* The post BlackMatter ransomware group announces shutdown. But for how long? appeared first on Malwarebytes Labs.

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.

An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database.

A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint.

SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.

Mozilla found two malicious add-ons that were blocking 455,000 users from getting updates by abusing the proxy API. Categories: Reports Tags: bypass Bypass XM firefox mozilla proxy API *( Read more... ( https://blog.malwarebytes.com/reports/2021/10/patch-now-to-bypass-firefox-add-ons-that-abuse-the-proxy-api-to-deny-updates/ ) )* The post Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates appeared first on Malwarebytes Labs.

On Lock and Code this week, we discuss staying private online, beyond using a VPN, with Tor Project Executive Director Isabella Bagueros. Categories: Podcast Tags: Data privacy Isabella Bagueros lock and code Onion router online privacy podcast private browser surveillance The Tor Project Tor browser Tor Project virtual private network vpn *( Read more... ( https://blog.malwarebytes.com/podcast/2021/10/beyond-the-vpn-ultimate-online-privacy-with-the-tor-projects-isabella-bagueros-lock-and-code-s02e20/ ) )* The post Beyond the VPN: Ultimate online privacy, with The Tor Project’s Isabela Bagueros: Lock and Code S02E20 appeared first on Malwarebytes Labs.

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.