Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – CEO Fraud Themed Phishing Email
March 20, 2019Rewterz Threat Advisory – 2018’s Most Exploited Unpatched Vulnerabilities in Microsoft Products
March 20, 2019
Severity
High
Analysis Summary
The following CVEs have been allocated to multiple vulnerabilities found in Mozilla Firefox.
CVE-2019-9805
CVE-2019-9803
CVE-2019-9790
CVE-2019-9797
CVE-2019-9795
CVE-2019-9807
CVE-2019-9796
CVE-2019-9792
CVE-2019-9789
CVE-2019-9791
CVE-2019-9788
- Some errors related to memory safety can be exploited to corrupt memory.
- A use-after-free error related to DOM elements can be exploited to corrupt memory.
- A type confusion error related to the IonMonkey just-in-time (JIT) compiler can be exploited to corrupt memory.
- An error related to the IonMonkey JIT compiler when handling JS_OPTIMIZED_OUT can be exploited to corrupt memory.
- A use-after-free error related to the SMIL animation controller when registering with the refresh driver can be exploited to corrupt memory.
- An error related to the “createImageBitmap()” function can be exploited to disclose images cross-origin.
- An error when handling the Upgrade-Insecure-Requests (UIR) specification can be exploited to bypass Content Security Policy protections.
- An error related to the Prio library can be exploited to corrupt memory.
- An error when handling text over an FTP connection can be exploited to spoof a modal alert message.
Impact
- System access
- Exposure of sensitive information
- Spoofing
- Security Bypass
- Code execution
Affected Products
Mozilla Firefox 65.x
Remediation
Upgrade to Mozilla Firefox version 66 as soon as possible.