Mozilla premia com $ 2.500 para pesquisador de segurança

O pesquisador de segurança Ashar Javed, recentemente descobriu três erros com o Mozilla portal add-ons e que tinham sido exploradas por meio do recurso “Criar nova coleção”.

It was found that malicious code could be inserted in the collection of Mozilla Add- US. Estes Add – ons are basically used to organize accessories for personal and business purposes and can be shared on social networks also.

“Since the Mozilla add-on site has millions of downloads, it is easily possible for the attacker to convince the victim to visit the collection page”, said the expert SecurityWeek.

Users were later exposed to all kinds of virus attacks that could be carried out through XSS flaws and most common attack was the cookie theft.

Sites are usually vulnerable to XSS flaw, add-on collections are very useful for Firefox users, like this, to discover the problem Sr. Javed received $ 2.500 that Mozilla. There were two other bugs discovered on which Mozilla not revealed any information beyond the location.

This is not the first time he had received a heavy amount, Google granted him US $ 3.000 for XSS reflected in the main bar search YouTube Gaming site

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestDigg thisEmail this to someone

Leave a Reply

Your email address will not be published. Required fields are marked *

Translate »