Mozilla discovered a critical flaw in an old version of Firefox that made it possible for attackers to hijack a user's session and inject arbitrary code into the browser. The vulnerability lies in Firefox's support for the Kerberos protocol, which is used to secure network services such as Apache and Lotus Notes.

CVE-2016-9412: Firefox does not properly handle redirects when Kerberos authentication is enabled.

When a user clicks on a link, Firefox sends the request to a remote host together with the user's authentication details, unencrypted. If that remote host is compromised, the request can be injected into the web page, resulting in session hijacking. The severity of this vulnerability is high, since code injected on the user's computer can do anything from stealing data to installing a root certificate on the machine.

The good news is that Mozilla has already patched this flaw in Firefox version 52.0.

The bad news is that users who are still running an old version of Firefox will likely not receive this upgrade until their browser has been uninstalled.

Summary

The issue was discovered on April 3rd, 2016 and the flaw was patched in version 52.0.

How do I know if my browser is vulnerable?

If you are still using an old version of Firefox, your browser is likely vulnerable to this attack. You can verify this easily by opening about:support in the browser and looking for the "kerberos support" option. If this option appears, the browser has Kerberos authentication enabled, which makes it vulnerable to session hijacking.

What is the Kerberos protocol?

The Kerberos protocol is a network authentication protocol that allows users to log in to a server securely while ensuring that the user's identity cannot be forged. It has been used by web servers since 1989 and by other networks since 1985.

According to Mozilla, "the vulnerability in old versions of Firefox was patched in Firefox 52."

If the user continues to use an old version of Firefox, they will not receive this upgrade until their browser has been uninstalled.

Symptoms of Firefox Kerberos Vulnerability

If you are running an old version of Firefox and are not sure whether your browser has been updated, you can check by clicking on the URL bar and entering "about:support". If the version is listed as "52.0" or higher, there is a good chance that it has been patched. If not, you should upgrade your browser immediately.

If you suspect that your browser has been hijacked but cannot access the URL bar to check "about:support", try disabling Kerberos authentication mode in Firefox's options menu. Don't forget to re-enable this option afterwards, once you have finished checking for hijacking.

This vulnerability would have affected both desktop and mobile versions of Firefox. However, it was only present in the old version of Firefox released in 2009, so most users should be safe with current versions of Firefox.

How Does This Vulnerability Work?

A vulnerability in Firefox's handling of the Kerberos protocol allows attackers to hijack a user's session and inject arbitrary code into the browser.

Timeline

Published on: 11/09/2022 22:15:00 UTC