Mozilla Firefox 72.0.1 Debuts to Fix an Actively Exploited Zero-Day Vulnerability


Mozilla has released Firefox 72.0.1 that patches an actively exploited zero-day vulnerability. The flaw, which is the third zero-day that the Firefox maker has fixed over the last year after patching two major security loopholes in June last year, impacted JavaScript JIT compiler IonMonkey. It was first reported by China’s Qihoo 360. The new Firefox release comes just a day day after Mozilla brought its version 72.0.0 with fixes for six high-rated vulnerabilities. Three of those loopholes could allow attackers to run malicious code remotely on affected systems to gain backdoor access.

The latest zero-day vulnerability has been indexed as CVE-2019-17026. Mozilla has confirmed through a security advisory that the flaw has been fixed in Firefox 72.0.1 as well as Firefox ESR 68.4.1.

“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw,” the company noted while describing the vulnerability in its advisory.

Mozilla has credited Qihoo 360 for reporting the flaw. However, further clarity on its impact hasn’t been provided.

The vulnerability was categorised as a type confusion, which is potentially a critical error that could impact data processing. It is unclear that how it has been leveraged by attackers, though.

As reported by Catalin Cimpanu of ZDNet, Qihoo 360 Core highlighted that in addition to the flaw existed in Firefox, a zero-day vulnerability is affecting Internet Explorer. The Chinese firm, however, reportedly deleted the details revealing the issue within Microsoft’s Web browser after briefing posting them on Twitter.

Mozilla in June last year fixed two zero-day vulnerability issues that impacted Coinbase employees and Mac users involved in cryptocurrency exchange. The vulnerabilities were indexed as CVE-2019-11707 and CVE-2019-11708.

Users are advised to download the latest Firefox version to avoid any security issues. The browser can be updated by going through Help > About Firefox.

For the biggest CES 2020 stories and latest updates, visit our CES hub.

Jagmeet Singh
Tech journalist by profession, tech explorer by passion. Budding philomath.

CES 2020: Samsung Launches Portable SSD T7 Touch With Fingerprint Sensor, Arrives Next Month in India


Source link

Leave a Comment