Jump to content
Sign in to follow this  
steven36

Mozilla patches Firefox zero-day abused in the wild

Recommended Posts

steven36

Mozilla releases Firefox 67.0.3 to fix actively exploited zero-day.

 

https://s7d2.turboimg.net/sp/e078c78430755e417542435a660813c0/533a.jpg

 

The Mozilla team has released earlier today version 67.0.3 of the Firefox browser to address a critical vulnerability that is currently being abused in the wild.

 

"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop," Mozilla engineers wrote in a security advisory posted today.

 

"This can allow for an exploitable crash," they added. "We are aware of targeted attacks in the wild abusing this flaw."

 

Samuel Groß, a security researcher with Google Project Zero security team, and the Coinbase Security team were credited with discovering the Firefox zero-day -- tracked as CVE-2019-11707.

 

Outside of the short description posted on the Mozilla site, there are no other details about this security flaw or the ongoing attacks.

 

Based on who reported the security flaw, we can safely assume the security flaw was being exploited in attacks aimed at cryptocurrency owners.

 

Groß did not respond to a request for comment from ZDNet seeking additional details about the attacks.

 

 

Firefox zero-days are quite rare. The last time the Mozilla team patched a Firefox zero-day was in December 2016, when they fixed a security flaw that was being abused at the time to expose and de-anonymize users of the privacy-first Tor Browser.

 

Fellow browser maker Google patched a zero-day in its browser in March this year. The zero-day was being used together with a Windows 7 zero-day as part of a complex exploit chain.

 

Source

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...