Friday, March 29, 2024

Firefox 66.0.1 Released – Critical Security Vulnerabilities in Firefox Allows Hackers to Take Over the Vulnerable System

Firefox 66.0.1 Released with Fix for Critical Security Vulnerabilities that discovered via Trend Micro’s Zero Day Initiative. The vulnerability affects all the versions of Firefox below 66.0.1.

An attacker could exploit these vulnerabilities to take complete control over the target system of the process.

CVE-2019-9810: Incorrect alias information

Incorrect alias information with IonMonkey JIT compiler for Array.prototype.slice leads to missing bounds check and a buffer overflow.

The bounds checking is a method used for detecting the variable is present within the bounds, a failed bound check would through the exception and results in security vulnerabilities.

CVE-2019-9813: Ionmonkey type confusion with proto mutations

Mishandling of proto mutations leads to the type of confusion vulnerability in IonMonkey JIT code.

The type confusion vulnerability occurs, when the code doesn’t verify what objects it is passed to, and blindly uses it without type-checking.

By exploiting this vulnerability an attacker can execute arbitrary commands or code on a target machine or in a target process without user interaction.

This vulnerability discovered by an independent researcher Niklas Baumstark targeting Mozilla Firefox with a sandbox escape in Trend Micro Zero-day initiative contest and he successfully demonstrates the JIT bug in Firefox, for that he earned $40,000.

In Pwn2Own 2019 contents researchers exploit multiple bugs with leading providers such as Edge, Mozilla Firefox, Windows, VMware and earned $270,000 USD in a single day by submitting 9 unique zero-day exploits.

The Firefox bug was introduced in the second day of the contest by Fluoroacetate team and an individual security researcher Niklas Baumstark.

You can download the new updated Firefox 66.0.1 Version here.

Also Learn Malware Analysis – Advance Malware Analyst Bundle

Pwn2Own 2019

Day 1 – Submitted Zero-day’s in Apple Safari, VirtualBox, VMware

Day 2 – Submitted Zero-day’s in Firefox, Edge, Windows, VMware

Day 3 – Submitted Zero-day’s in Tesla Car Internet Browser

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles