Mozilla has released security updates to address a critical Firefox browser zero-day issue (CVE-2019-17026) that has been exploited in targeted attacks.
The CVE-2019-17026 flaw is an “IonMonkey type confusion with StoreElementHole and FallibleStoreElement,” where IonMonkey is the Just-in-Time (JIT) compiler for Firefox’s SpiderMonkey JavaScript engine.
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads the advisory published by Mozilla.
“We are aware of targeted attacks in the wild abusing this flaw.”
Mozilla confirmed that it’s aware of targeted attacks exploiting the CVE-2019-17026 zero-day, but it did not disclose details of the attacks.
The vulnerability was reported to Mozilla by security experts from the Chinese firm Qihoo 360.
The experts reported that the CVE-2019-17026 zero-day had been exploited by attackers along with an Internet Explorer zero-day, Qihoo 360 experts initially disclosed the discovery via Twitter, but later deleted the message.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) agency also issued a bulletin on the vulnerability warning of the possible exploitation that could allow attackers to take full control of vulnerable systems.
“Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.” reads the CISA’s bulletin.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.”
Mozilla has addressed the flaw with the release of Firefox 72.0.1 and Firefox ESR 68.4.1.
Mozilla this week Firefox 72, a release aimed at improving users’ privacy and that addresses a dozen vulnerabilities.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Bronze President, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data…
Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to…
James Comey is under investigation for a seashell photo showing “8647,” seen by some as…
Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total…
Security Affairs Malware newsletter includes a collection of the best articles and research on malware…
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…
This website uses cookies.
