Mozilla patches a Firefox vulnerability that lets hackers gain admin rights on Windows
The vulnerability resides in the Mozilla Maintenance Service; if successfully exploited, it lets hackers gain admin rights on the system.
Mozilla Maintenance Service is an optional service of Firefox and Thunderbird that keeps application updates running in the background. It provides Firefox users with a seamless update experience, without the need to click the "Yes" option in Windows User Account Control (UAC) before updating their web browser or email client.
Mozilla has patched the privilege escalation vulnerability, tracked as CVE-2022-22753, in the just-released Firefox 97 update.
By successfully exploiting CVE-2022-22753 on unpatched computers, hackers can gain NT AUTHORITY\SYSTEM privileges, the highest level of control on Windows systems.
"A Time-of-Check Time-of-Use bug exists in the Mozilla Maintenance Service that can be abused to give users write permission to an arbitrary directory. This can be used to elevate access permissions to SYSTEM level," Mozilla shared. "This bug only affects Firefox on Windows. Other operating systems are not affected."
Mozilla also adds that Firefox 97 has resolved many of the memory safety bugs found by the Mozilla community and developers in Firefox 96 and Firefox ESR 91.5.
Firefox 97 adds some new features and improvements
Besides bug fixes, the new Firefox update also brings a number of new features and improvements. The first is new-style scrollbars on Windows 11, and the next is an improvement in loading system fonts on macOS that makes opening and switching to new tabs faster.