We have no evidence of these vulnerabilities being exploited, and we quickly issued fixes to address Palant’s concerns.įirefox users have received the automatic update to version 4.1.26 with the fix. The message passing vulnerability could potentially be exploited by luring a LastPass user on Firefox to a malicious website and then tricking the LastPass extension into executing actions in the background without the user’s knowledge. While the URL parsing issues could not be exploited, we did improve upon our design per the recommendations Palant provided. Palant approached specifically to point out potential vulnerabilities with our URL parsing and message passing. This update was in response to recommendations provided by Wladimir Palant, a security researcher and maker of the popular Firefox addon AdBlock Plus, who approached us shortly after a previous security report. Today, we have a security update regarding previous fixes to the LastPass Firefox extension. Security remains our highest priority here at LastPass, including quickly responding to and fixing reports of bugs or vulnerabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |