Mozilla has released security updates to address a critical Firefox browser
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads the advisory published by Mozilla.
“We are aware of targeted attacks in the wild abusing this flaw.”
Mozilla confirmed that it’s aware of targeted attacks exploiting the CVE-2019-17026 zero-day, but it did not disclose details of the attacks.
The vulnerability was reported to Mozilla by security experts from the Chinese firm Qihoo 360.
The experts reported that the CVE-2019-17026
The U.S. Department of Homeland Security’s
“Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.” reads the CISA’s bulletin.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.”
Mozilla has addressed the flaw with the release of Firefox 72.0.1 and Firefox ESR 68.4.1.
Mozilla this week Firefox 72, a release aimed at improving users’ privacy and that addresses a dozen vulnerabilities.
(SecurityAffairs – Bronze President, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.