Mozilla premia com $ 2.500 para pesquisador de segurança

March 10, 2016 rafaelcarioca7 0 Comment

O pesquisador de segurança Ashar Javed, recentemente descobriu três erros com o Mozilla portal add-ons e que tinham sido exploradas por meio do recurso “Criar nova coleção”.

It was found that malicious code could be inserted into the collection of Mozilla Add- US. Estes Add – ons are basically used to organize ons for personal and business purposes and can be shared on social networks also.

“Since the Mozilla add-on site has millions of downloads, it is easily possible for the attacker to convince the victim to visit the collection page”, said the expert SecurityWeek.

Users were later exposed to all kinds of virus attack that could be carried out through XSS flaws and most common attack was the cookie theft.

Sites are generally vulnerable to XSS flaw, add-on collections are very useful for Firefox users, like this, to discover the problem Sr. Javed received $ 2.500 da Mozilla. There were two other bugs discovered on

which Mozilla not revealed any information beyond the location.

This is not the first time he had received a heavy amount, Google awarded him US $ 3.000 for XSS reflected in the main bar to search YouTube Gaming site