Mozilla released security updates for Firefox that addressed a critical zero-day vulnerability exploited in targeted attacks in the wild.
Mozilla released security updates for its Firefox web browser that address a critical vulnerability that has been actively exploited in the wild.
The zero-day vulnerability, tracked as CVE-2019-11707, is a type confusion flaw in Array.pop. Mozilla has addressed it with the release of Firefox 67.0.3 and Firefox ESR 60.7.1.
The flaw was reported by Coinbase Security and Samuel Groß of Google Project Zero team. Samuel Groß explained that he reported the bug to Mozilla on April 15, 2019.
The researcher explained that the vulnerability could be used for remote code execution if chained with a separate sandbox escape issue.
Mozilla confirmed that threat actors exploited the zero-day in targeted attacks in the wild, the organizations did not provide technical details of the issue.
The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) also issued a short alert for the vulnerability in Mozilla.
“Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.” states the alert. “This vulnerability was detected in exploits in the wild.”
In 2016, security researchers found a malicious script that exploited another Firefox Zero-day to identify some users of the Tor anonymity network.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.