Mozilla has released security updates to address a critical Firefox browser
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads the advisory published by Mozilla.
“We are aware of targeted attacks in the wild abusing this flaw.”
Mozilla confirmed that it’s aware of targeted attacks exploiting the CVE-2019-17026 zero-day, but it did not disclose details of the attacks.
The vulnerability was reported to Mozilla by security experts from the Chinese firm Qihoo 360.
The experts reported that the CVE-2019-17026
The U.S. Department of Homeland Security’s
“Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.” reads the CISA’s bulletin.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.”
Mozilla has addressed the flaw with the release of Firefox 72.0.1 and Firefox ESR 68.4.1.
Mozilla this week Firefox 72, a release aimed at improving users’ privacy and that addresses a dozen vulnerabilities.
(SecurityAffairs – Bronze President, hacking)