On Thu, 2018-01-04 at 17:08 -0600, Michael Cronenworth wrote:
On 01/04/2018 04:30 PM, Sergio Belkin wrote:
> But.... I'm wonder if an attacker can exploit this vulnerability remotely,
that's
> not clear for me...
Do you allow remote users in to your systems? If you do not then you are not affected.
The vulnerabilities require a local user to exploit. Unless you have a password-less
SSH server, virtual machines that run remote users' code, or a website exposed that
allows anyone to run code (Javascript, etc.) you are safe.
Browsing a malicious website that runs Javascript can be a problem.
Site isolation is a mitigation technique that provides partial
protection. Hints for Chrome can be found at:
https://support.google.com/faqs/answer/7622138
Presumably similar techniques can be applied to Firefox.
poc