On Tuesday, April 26, 2016, Mozilla released a security patch update for its browser Firefox, which is used in Windows, Mac, Linux and Android. In the latest version of Firefox 46.0, Mozilla fixed 14 vulnerabilities with its patch update. Vulnerability CVE-2016-2804, CVE-2160-2805, CVE-2160-2806, CVE-2160-2807 and CVE-2160-2808 allows attackers to remotely execute the code and gain control over it. An attacker could exploit the first four vulnerabilities to corrupt the memory via a specially configured HTML-file. Arbitrary code execution is also possible using these vulnerabilities in CVE-2160-2811 and CVE-2160-2812. A vulnerability CVE-2160-2809 in Mozilla Maintenance Service allows you to delete the arbitrary files and increase the risk privileges of Windows. CVE-2160-2810 allows the application to read the stored data, including the browsing history in the browser, and stored passwords. The problem affects the devices which are running on the Android version 5.0. (Android Lollipop). Exploiting the vulnerability CVE-2160-2813, an attacker can hack the data stored on your Android device and motion sensors. This could be done with the Javascript, which allows the attacker to fix the tap on the screen, and can lead to the abduction of PIN-codes and other activities. The vulnerability CVE-2016-2814 could allow a buffer overflow, and using the CVE-2016-2816 vulnerability, you can get around the Content Protection Policy (CSP). An attacker can perform cross-site scripting, and can gain escalated privileges With CVE-2016-2817 and the vulnerability CVE-2160-2820 is caused due to the fact that Firefox Health Report takes certain events from untrusted domains.
Δ
