Firefox Zero-Day Vulnerability


Systems Affected

  • Firefox
  • Firefox ESR

Threat Level

High

Overview

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected being exploited in the wild.[1]

Description

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.[2] The vulnerability, identified as CVE-2019-11707, affects anyone who uses Firefox on desktop (Windows, macOS, and Linux), whereas Firefox for Android, iOS, and Amazon Fire TV are not affected.

Impact

The vulnerability could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions and take full control of them.

Solution

Mozilla has released Firefox 67.0.3 and Firefox ESR 60.7.1 to patch the vulnerability.

Apply the necessary updates. Ensure you are running Firefox 67.0.3 or Firefox ESR (Extended Support Release) 60.7.1, or later.
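To confirm the update has reached every machine, the check below classifies reported version strings against the two fixed versions named above. It is an added example, not part of the original alert or Mozilla's tooling; it assumes versions are collected in the form "Mozilla Firefox 67.0.3" or "60.7.1esr", and the host names and sample inventory are constructed.

```python
import re

# Fixed versions named in the advisory above.
FIXED_RELEASE = (67, 0, 3)
FIXED_ESR = (60, 7, 1)

# Accepts "67.0.3", "67.0" or "60.7.1esr"; anything else is left for review.
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?")


def classify(version_string):
    """Return 'patched', 'needs_update' or 'unknown' for one reported version."""
    parts = version_string.split()
    match = _VERSION.fullmatch(parts[-1]) if parts else None
    if match is None:
        return "unknown"  # beta/nightly builds or malformed data
    version = tuple(int(p or 0) for p in match.group(1, 2, 3))
    is_esr = match.group(4) is not None
    # The ESR 60 branch has its own fixed version; every other build is
    # compared against the release fix, so ESR branches after 60 pass and
    # older ESR branches or a "60.x" with the suffix dropped do not.
    if is_esr and version[0] == FIXED_ESR[0]:
        return "patched" if version >= FIXED_ESR else "needs_update"
    return "patched" if version >= FIXED_RELEASE else "needs_update"


def audit(inventory):
    """Map each status to the sorted hosts that reported it."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for host, version_string in inventory.items():
        report[classify(version_string)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 67.0.3",
    "ws-02": "Mozilla Firefox 66.0.5",
    "ws-03": "Mozilla Firefox 60.7.1esr",
    "ws-04": "Mozilla Firefox 60.7.0esr",
    "ws-05": "Mozilla Firefox 68.0b11",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" run a build the alert does not list a fixed version for and should be reviewed by hand.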

Reference

[1] https://www.us-cert.gov/ncas/current-activity/2019/06/18/Mozilla-Releases-Security-Updates-Firefox-and-Firefox-ESR

[2] https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/

[3] https://thehackernews.com/2019/06/mozilla-firefox-patch-update.html?m=1

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.
