On Thu, 2018-01-04 at 17:08 -0600, Michael Cronenworth wrote: > On 01/04/2018 04:30 PM, Sergio Belkin wrote: > > But.... I'm wonder if an attacker can exploit this vulnerability remotely, that's > > not clear for me... > > Do you allow remote users in to your systems? If you do not then you are not affected. > > The vulnerabilities require a local user to exploit. Unless you have a password-less > SSH server, virtual machines that run remote users' code, or a website exposed that > allows anyone to run code (Javascript, etc.) you are safe. Browsing a malicious website that runs Javascript can be a problem. Site isolation is a mitigation technique that provides partial protection. Hints for Chrome can be found at: https://support.google.com/faqs/answer/7622138 Presumably similar techniques can be applied to Firefox. poc _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
