ATR team discovers Mozilla Firefox critical security flaw

Last updated: April 13, 2016 

ATR team discovers Mozilla Firefox critical security flaw

Firefox critical security flaw

Intel Corporation’s Advanced Threat Research (ATR) team has discovered a critical security flaw in Mozilla Firefox.  The Firefox critical security flaw has been named BERserk because the flaw can be enabled by incorrect parsing of certain Basic Encoding Rules (BER) sequences when implementing RSA signature verification.  According to the report from the ATR team:

The attack exploits a vulnerability in the parsing of an ASN.1 encoded sequence during signature verification. ASN.1 encoded sequences are made up of objects that are encoded using BER and/or DER. This attack exploits the fact that bytes are skipped during parsing of certain fields. This condition enables the attack.

The attack exploits a vulnerability in the parsing of an ASN.1 encoded sequence during signature verification. ASN.1 encoded sequences are made up of objects that are encoded using BER and/or DER. This attack exploits the fact that bytes are skipped during parsing of certain fields. This condition enables the attack.

The latest version of Firefox contains a patch for the flaw.  Users are encouraged to upgrade to it immediately. For information on how to automatically and manually upgrade your Firefox browser, please visit How can I update Firefox?