#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Firefox plugin | Breaking Cybersecurity News | The Hacker News

Critical Flaw in Grammarly Spell Checker Could Let Attackers Steal Your Data

Critical Flaw in Grammarly Spell Checker Could Let Attackers Steal Your Data
Feb 06, 2018
A critical vulnerability discovered in the Chrome and Firefox browser extension of the grammar-checking software Grammarly inadvertently left all 22 million users' accounts, including their personal documents and records, vulnerable to remote hackers. According to Google Project Zero researcher Tavis Ormandy, who discovered the vulnerability on February 2, the Chrome and Firefox extension of Grammarly exposed authentication tokens to all websites that could be grabbed by remote attackers with just 4 lines of JavaScript code. In other words, any website a Grammarly user visits could steal his/her authentication tokens, which is enough to login into the user's account and access every "documents, history, logs, and all other data" without permission. "I'm calling this a high severity bug, because it seems like a pretty severe violation of user expectations," Ormandy said in a vulnerability report . "Users would not expect that visiting a we

Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!
Jul 17, 2017
A highly critical vulnerability has been discovered in the Cisco Systems' WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim's computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help users connect and collaborate with colleagues around the world. The extension has roughly 20 million active users. Discovered by Tavis Ormandy of Google Project Zero and Cris Neckar of Divergent Security, the remote code execution flaw (CVE-2017-6753) is due to a designing defect in the WebEx browser extension. To exploit the vulnerability, all an attacker need to do is trick victims into visiting a web page containing specially crafted malicious code through the browser with affected extension installed. Successful exploitation of this vulnerability could result in the attacker executing arbitrary code with th

Firefox Browser vulnerable to Man-in-the-Middle Attack

Firefox Browser vulnerable to Man-in-the-Middle Attack
Sep 19, 2016
A critical vulnerability resides in the fully-patched version of the Mozilla's Firefox browser that could allow well-resourced attackers to launch man-in-the-middle (MITM) impersonation attacks and also affects the Tor anonymity network. The Tor Project patched the issue in the browser's HTTPS certificate pinning system on Friday with the release of its Tor Browser version 6.0.5 , while Mozilla still has to patch the critical flaw in Firefox. Attackers can deliver Fake Tor and Firefox Add-on Updates The vulnerability could allow a man-in-the-middle attacker who is able to obtain a forged certificate for addons.mozilla.org to impersonate Mozilla servers and as a result, deliver a malicious update for NoScript, HTTPS Everywhere or other Firefox extensions installed on a targeted computer. "This could lead to arbitrary code execution [vulnerability]," Tor officials warned in an advisory. "Moreover, other built-in certificate pinnings are affected as wel

Webinar: How to streamline security reviews with Trust Center

cyber security
websiteVantaCompliance / Security Audit
Learn how Vanta Trust Center can help provide real-time evidence for passing controls and automate responses to security questionnaires.

The Ultimate SaaS Security Posture Management Checklist, 2025 Edition

The Ultimate SaaS Security Posture Management Checklist, 2025 Edition
May 22, 2024SaaS Security / Threat Detection
Since the first edition of  The Ultimate SaaS Security Posture Management (SSPM) Checklist  was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to protect organizations against evolving threats. As SaaS security becomes a top priority, enterprises are turning to SaaS Security Posture Management (SSPM) as an enabler. The  2025 Ultimate SaaS Security Checklist , designed to help organizations choose an SSPM, covers all the features and capabilities that should be included in these solutions. Before diving into each attack surface, when implementing an SSPM solution, it's essential to cover a breadth of integrations, including out-of-the-box and custom app integrations, as well as in-depth security checks. While there are apps that are more sensitive and complex to secure, a breach c

Multiple Flaws Exposed in Pocket Add-on for Firefox

Multiple Flaws Exposed in Pocket Add-on for Firefox
Aug 21, 2015
With providing easy accessibility, the battle is not won! Server-side Vulnerabilities have been reported by a security researcher in the popular Pocket add-on that comes attached with the Firefox browser. The security flaws could have allowed hackers to exfiltrate data from the company's servers as well as populate reading lists with malicious links. The Pocket button in the Firefox browser allows you to save links, videos, web pages, or articles to your Pocket account with just a click, making it easier for you to read them later, usually offline. However, the vulnerabilities discovered by security researcher Clint Ruoho was such that it could allow hackers to get an unrestricted root access to the server hosting the application, the researcher wrote in his blog post . For this to be done, a hacker only needs: A browser The Pocket Mobile app Access to an Amazon EC2 Server which costs 2 cents an hour The researcher, with the goal of exploiting the service's main functionality

Firefox to block all plugins by Default in upcoming release, except Whitelist plugins

Firefox to block all plugins by Default in upcoming release, except Whitelist plugins
Mar 03, 2014
The Mozilla Firefox web browser is used by roughly 30% of all Internet users and the company is seriously concerned about the Security of its users for many years. To Improve the Stability, Security and performance of Firefox web browser , Mozilla announced back in  2013 that it planned to enable ' Click to Play ' feature in upcoming Firefox versions, which will block most vulnerable plugins like Java by default. " Plugins are a significant source of poor performance, crashes and security vulnerabilities ", Mozilla said . The Feature ' Click to play ' blocks the execution of all plugins automatically, though this feature was annoying to the users, so to prevent all plugins from default blocking, Mozilla announced to maintain a whitelist of approved plugins. "By allowing users to decide which sites need to use plugins, Firefox will help protect them and keep their browser running smoothly." ~Benjamin Smedberg, Engineering Manager. Plugin authors ca
Expert Insights
Cybersecurity Resources