Add lastpass to firefox9/14/2023 Little was known about the vulnerability, other than that it existed in version 4.1.35, until early Wednesday morning when LastPass released 4.1.36a to address the issue.Īccording to the Project Zero bug tracker report, the LastPass for Firefox vulnerability was similar to the remote code execution bug, Ormandy claims, because the browser loads content scripts into error pages, which could let an attacker run arbitrary script to read back a user’s password. Ormandy first disclosed the LastPass for Firefox vulnerability in a since-deleted tweet on Tuesday night, warning it could allow the theft of passwords for any domain. Very quick response from LastPass, < 24hr. Ormandy disclosed bug reports for the last two vulnerabilities on Wednesday and commended the company for the fast fixes. One of the issues, a remote code execution vulnerability that could have enabled the proxying of internal Remote Procedure Call (RPC) commands, was fixed Tuesday morning.įixes for two other vulnerabilities, including one in LastPass’ Firefox add-on and another in LastPass for Firefox, were pushed Wednesday morning. Engineers at LastPass fixed three different vulnerabilities in the password manager over the last 24 hours, all discovered by Google Project Zero researcher Tavis Ormandy, which could have allowed for the theft of passwords.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |