
Mozilla patches Firefox zero-day abused in the wild


steven36


Mozilla releases Firefox 67.0.3 to fix actively exploited zero-day.

 


 

The Mozilla team released version 67.0.3 of the Firefox browser earlier today to address a critical vulnerability that is currently being abused in the wild.

 

"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop," Mozilla engineers wrote in a security advisory posted today.

 

"This can allow for an exploitable crash," they added. "We are aware of targeted attacks in the wild abusing this flaw."

 

Samuel Groß, a security researcher with Google's Project Zero security team, and the Coinbase Security team were credited with discovering the Firefox zero-day -- tracked as CVE-2019-11707.

 

Outside of the short description posted on the Mozilla site, there are no other details about this security flaw or the ongoing attacks.

 

Based on who reported the security flaw, we can safely assume the security flaw was being exploited in attacks aimed at cryptocurrency owners.

 

Groß did not respond to a request for comment from ZDNet seeking additional details about the attacks.

 

 

Firefox zero-days are quite rare. The last time the Mozilla team patched a Firefox zero-day was in December 2016, when they fixed a security flaw that was being abused at the time to expose and de-anonymize users of the privacy-first Tor Browser.

 

Fellow browser maker Google patched a zero-day in its browser in March this year. The zero-day was being used together with a Windows 7 zero-day as part of a complex exploit chain.

 

Source
