Last updated: April 13, 2016
ATR team discovers Mozilla Firefox critical security flaw
Intel Corporation’s Advanced Threat Research (ATR) team has discovered a critical security flaw in Mozilla Firefox. The Firefox critical security flaw has been named BERserk because the flaw can be enabled by incorrect parsing of certain Basic Encoding Rules (BER) sequences when implementing RSA signature verification. According to the report from the ATR team:
The attack exploits a vulnerability in the parsing of an ASN.1 encoded sequence during signature verification. ASN.1 encoded sequences are made up of objects that are encoded using BER and/or DER. This attack exploits the fact that bytes are skipped during parsing of certain fields. This condition enables the attack.
The attack exploits a vulnerability in the parsing of an ASN.1 encoded sequence during signature verification. ASN.1 encoded sequences are made up of objects that are encoded using BER and/or DER. This attack exploits the fact that bytes are skipped during parsing of certain fields. This condition enables the attack.
The latest version of Firefox contains a patch for the flaw. Users are encouraged to upgrade to it immediately. For information on how to automatically and manually upgrade your Firefox browser, please visit How can I update Firefox?
Tech Help Knowledgebase creates how-to articles and video tutorials for common issues, and provides technical support for the categories covered by our site.
Get Support.
