Mozilla, the parent company to the popular web browser Firefox, has released patches for an actively exploited security vulnerability which could allow an attacker to remotely execute arbitrary code on vulnerable versions of Firefox. Mozilla stated that Firefox developers are “aware of targeted attacks in the wild abusing this flaw,” which would allow attackers to take control of affected systems. The attackers could potentially trigger the flaw by tricking users into visiting maliciously-crafted web pages and subsequently execute arbitrary code on their systems. This vulnerability was exploited by attackers to attempt to de-anonymize Tor Browser users and collect data that includes IP addresses, Mac addresses, and hostnames. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert on this Zero-day vulnerability.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is