Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
Mozilla and Tor recently released patches for the Firefox browser as well as the Firefox-based Tor browser aiming to block a recent attack. This attack exploited a Firefox animation remote code execution flaw to unmask users of the Tor anonymity network.
This vulnerability, which is not publicly known, is in all likelihood another among zero day exploits and uses the Firefox or Tor browser to load a malicious webpage, containing malicious JavaScript and SVG (Scalable Vector Graphics) code. Consequently, it leads to scooping up the real IP address and MAC address of Windows systems, which is then sent to a central server.
Though it’s seen that the payload works against Windows systems that run Firefox browser and the Tor browser, there were also reports of the vulnerability being there on Firefox for Mac OS and Linux and hence users were promptly made to update their browsers on these platforms.
Mozilla’s release describes the vulnerability in brief- “A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.” The Mozilla release, dated November 30, rates it as critical and says that it is fixed in Firefox version 50.0.2, Firefox Extended Support Release version 45.5.1 and Mozilla’s Thunderbird email client version 45.5.1.
A Tor release, dated November 30, states- Tor Browser 6.0.7 is now available from the Tor Browser Project page and also from our distribution directory. This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2).The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.”
Mozilla’s security lead, Daniel Veditz dwells on another aspect of the zero day exploit in a post made in the Mozilla Security Blog. He says- “The exploit in this case works in essentially the same way as the “network investigative technique” used by FBI to deanonymize Tor users (as FBI described it in an affidavit). This similarity has led to speculation that this exploit was created by FBI or another law enforcement agency. As of now, we do not know whether this is the case. If this exploit was in fact developed and deployed by a government agency, the fact that it has been published and can now be used by anyone to attack Firefox users is a clear demonstration of how supposedly limited government hacking can become a threat to the broader Web.”
Tags: zero day exploits,zero-day vulnerability
Reading Time: 2 minutes Project Sauron- that’s the name of the sinister malware that has been spying on government computers and computers at major organizations for over five years. Researchers who have detected this malware have given it the name Project Sauron because of the reference to Sauron, the main antagonist in J. R. R. Tolkien’s ‘Lord of the…
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
agreecheck
See how your organization scores against cybersecurity threats
Advanced Endpoint Protection, Endpoint Detection and Response Built On Zero Trust Architecture available on our SaaS EPP