A URL mPath vulnerability for Mozilla Firefox version 76.0.2 x64 and Firefox Nightly version 78.0a1 x64 was recently found by Cisco Talos. In order to exploit the vulnerability, an attacker would need to create a specially crafted webpage and get a potential victim to visit through the browser. A URL object leads to the out of bounds read and gives attackers the ability to use leaked memory to go around ASLR along with other vulnerabilities and eventually obtain arbitrary code execution. Mozilla and Cisco Talos worked closely together after disclosing the vulnerability and Mozilla has already released a patch for Firefox.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in