There is a very good reason security experts have been warning about disclosing financial information over the Internet. Not only because a user’s PC could get hacked or infected with a keylogger rather easily in most cases, but also because the browsers we use on a daily basis are riddled with security flaws. The latest Mozilla Firefox update fixes some of those weaknesses, which could have been quite disastrous if exploited by a malicious individual.
Firefox 39 Fixes Critical Security Issues
Mozilla released a new version of their popular Firefox browser a little while ago, which fixes several critical security weaknesses, as well as less severe issues. All Firefox users are advised to upgrade their browser as soon as possible, as hijackers can steal sensitive personal and financial data otherwise.
No less than four different critical security flaws have been fixed in the latest Firefox release, including two high-level threats. On top of that, a total of 11 other less severe bugs have been fixed as well. Most of the security issues stem forth from use-after-free-vulnerabilities, poor validation processes and a variety of memory problems caused by the browser itself.
Whenever the XMLHttpRequest API – which is used by the Firefox browser to request data from a server – would be triggered, errors would occur every time the XMLHttpRequest object is attached to a worker. However, because these objects are then incorrectly deleted, the door would be wide open for exploitable browser crashes.
The second critical security bug relates to when a Content Policy modifies the Document Object Model to remove a DOM object. In normal speak, this could lead to an exploitable Firefox browser crash, even though the vulnerability can not be exploited through Thunderbird due to scripting being disabled.
Even though no other major bugs have been listed, there was one more worrying flaw. Memory safety bugs in the Firefox browser could corrupt the software’s memory under “certain circumstances, and be used to run arbitrary code”. One of the possible results would be a session hijacking, and gaining access to data entered during your browsing session.
Disclosing Financial Information Through The Browser
Consumers enter their credit card and internet banking details through the browser on a nearly daily basis these days. But what if a hacker managed to gain access to your browser’s memory and steal your financial information. Anything could happen, ranging from credit card fraud to emptying your bank account and everything in between.
Even alternate payment options such as Bitcoin could be affected, even though there are more security hurdles to overcome. People who use an exchange or web wallet to store their coins should always have two-factor authentication enabled. In doing so, an attacked could not breach their account directly, even if they had access to the username and password.
Furthermore, leaking a Bitcoin wallet address is not a major security threat, especially when compared to gaining access to credit card details. Bitcoin is a more difficult protocol to hack, assuming the user properly protects himself. That being said, these types of browser vulnerabilities are never a good thing , not even to Bitcoin users.
Images courtesy of Mozilla and Shutterstock