Vulnerabilities in Font Processing Library Impact Firefox, Linux: Report

Vulnerabilities in Font Processing Library Impact Firefox, Linux: Report

Security researchers have found vulnerabilities in Graphite, also known as Libgraphite font processing library, that affects a number of systems. The vulnerabilities, if exploited, allow an attacker to seed malicious fonts to a machine. The Libgraphite library is utilised by Linux, Thunderbird, WordPad, Firefox, OpenOffice, as well as several other major platforms and applications.

Security researchers from Cisco have posted an advisory to outline four vulnerabilities in the Libgraphite font processing library. One of the vulnerabilities allows the attackers to execute arbitrary code on the machine, and among other things, crash the system.

Two of the vulnerabilities can result in denial of service situations. "An attacker simply needs the user to run a Graphite-enabled application that renders a page using a specially crafted font that triggers one of these vulnerabilities," the team wrote in a blog post.

The vulnerabilities impact older versions of Firefox (not v43 and v44) and many other aforementioned apps and services that support Graphite. "Since Mozilla Firefox versions 11-42 directly support Graphite, the attacker could easily compromise a server and then serve the specially crafted font when the user renders a page from the server (since Graphite supports both local and server-based fonts)" To recall, Firefox included Graphite by default in 2012.

Besides the large range of devices that are impacted, the vulnerabilities are also concerning because it is quite easy for attackers to get hold of a machine. A user can unknowingly visit a malicious website and get affected. Mozilla, and various Linux distributions are yet to address the issue.

Update: In an emailed statement to Gadgets 360, Dan Veditz, Principal Security Engineer at Mozilla, said, "The current general available release of Firefox is not affected by the Libgraphite font vulnerability. Users should always make sure to update to the latest version of Firefox for the most-recent security updates and features by going to https://www.mozilla.org/firefox."

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Micromax Canvas Juice 4G With 4000mAh Battery Listed on Company Site
Delhi District Courts to Be Wi-Fi Enabled in 3-4 Months: Firefly CEO
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com