Satnam Narang, senior engineer for employee research at Tenable, noted in an interview that Mozilla did not provide details about the exploit. “Unfortunately, without the full context we don’t know how widespread the exploitation was,” he said. “I think it’s not very broad, because if it was, maybe we would have heard more about it. So I would err on the side of this possibly being used in a limited way in a targeted attack.”
Most IT administrators have automatic updates enabled by default, he added.
Use-after-free (UAF) vulnerabilities are common, Narang said. By 2023, UAF vulnerabilities were at the top of the US Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities (KEV) catalog. By comparison, MITRE's comprehensive list of bugs places UAF vulnerabilities in fourth place.