Saturday, June 22, 2024

Alert!! Critical Firefox Zero-Day Vulnerability Actively Exploit by Hackers in Wide – Update Firefox Now

Mozilla released a security update for a critical zero-day vulnerability that affects the Firefox browser and the vulnerability fixed in 72.0.1 and Firefox ESR 68.4.1.

The vulnerability affects both Firefox, Firefox ESR and the successful exploitation of the vulnerability could lead an attacker to execute the malicious code remotely or trigger to crashes on machines that running with vulnerable Firefox versions.

The critical zero-day vulnerability was initially discovered by Qihoo 360 ATA researchers and the bug can be tracked as CVE-2019-11707.

The bug Affects Web browsers IonMonkey type confusion with StoreElementHole and FallibleStoreElement, Mozilla said.

IonMonkey is the JavaScript Just-In-Time (JIT) compiler for SpiderMonkey (Mozilla’s JavaScript engine).

It indicates that the attackers attempt to exploit a Type Confusion vulnerability and it can be triggered when incorrect alias information in IonMonkey JIT compiler for setting array elements.

Type confusion vulnerability occurs when a piece of code doesn’t verify the type of object that is passed to it and it could lead to exploit this vulnerability by tricking a user into visiting a malicious web page and execute arbitrary code within the context of the application.

This new Firefox Zero-Day vulnerability affects the browsers Just in Time Compiler and it is currently used for targeted attacks in the wild.

Since the further detailed information was not available at the time, we have reached Qihoo 360 for further information about the exploitation for this Firefox zero-day vulnerability but there is no response at the time of writing.

Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1. You can download the new Firefox version for all platform here

While this Firefox Zero-Day vulnerability was exploited in targeted attacks, Firefox users are advised to upgrade as soon as possible.

Also Read: Hackers Exploit Android Vulnerability to Install Malware Without User Interaction Via Google Play


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles