Pierluigi Paganini
January 09, 2020
Mozilla has released security updates to address a critical Firefox browser
The CVE-2019-17026 flaw is an “IonMonkey type confusion with StoreElementHole and FallibleStoreElement,” where IonMonkey is the Just-in-Time (JIT) compiler for Firefox’s SpiderMonkey JavaScript engine.
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads the advisory published by Mozilla.
“We are aware of targeted attacks in the wild abusing this flaw.”
Mozilla confirmed that it’s aware of targeted attacks exploiting the CVE-2019-17026 zero-day, but it did not disclose details of the attacks.
The vulnerability was reported to Mozilla by security experts from the Chinese firm Qihoo 360.
The experts reported that the CVE-2019-17026
The U.S. Department of Homeland Security’s
“Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.” reads the CISA’s bulletin.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.”
Mozilla has addressed the flaw with the release of Firefox 72.0.1 and Firefox ESR 68.4.1.
Mozilla this week Firefox 72, a release aimed at improving users’ privacy and that addresses a dozen vulnerabilities.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Bronze President, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
