Home Security Mozilla Patched Zero-Day Vulnerability With Firefox 72.0.1

Mozilla Patched Zero-Day Vulnerability With Firefox 72.0.1

by ethhack

Mozilla has recently released the Firefox 72 browser with numerous security updates. Other than better privacy features, Mozilla also patched multiple security bugs with the browser version. However, it seems they missed something for which they had to release another version. Now, Firefox 72.0.1 is also out with a patch for a zero-day flaw.

Zero-Day Firefox Vulnerability Under Active Exploit

Researchers from the Chinese cybersecurity firm Qihoo 360 discovered a zero-day vulnerability in the Firefox browser. The bug, upon exploit, could allow an attacker to execute code on the target device.

As described in Mozilla’s advisory, there existed a type confusion vulnerability in the browser. Regarding the flaw CVE-2019-17026, Mozilla stated,

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.

What’s more troublesome with the zero-day was that it was already under active exploitation. Mozilla also confirmed in their advisory,

We are aware of targeted attacks in the wild abusing this flaw.

No further information is presently available about how the perpetrators exploited this flaw in the wild.

Mozilla Patched The Flaw

Upon receiving the report regarding the zero-day, Mozilla worked on a fix for the flaw. Consequently, soon after they rolled out Firefox 72, they released Firefox 72.0.1 whilst including the fix for the zero-day.

According to ZDNet, the Qihoo 360 researchers also disclosed an accompanying actively exploited zero-day vulnerability in Internet Explorer. However, shortly after sharing the news via Twitter, they deleted their tweet. Hence, it’s a bit unclear if any such related vulnerability existed or still exists.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Source link

Related Articles

Leave a Comment