Tuesday, March 19, 2024

Alert!! Critical Firefox Zero-Day Vulnerability Actively Exploit by Hackers in Wide – Update Firefox Now

Mozilla released a security update for a critical zero-day vulnerability that affects the Firefox browser and the vulnerability fixed in 72.0.1 and Firefox ESR 68.4.1.

The vulnerability affects both Firefox, Firefox ESR and the successful exploitation of the vulnerability could lead an attacker to execute the malicious code remotely or trigger to crashes on machines that running with vulnerable Firefox versions.

The critical zero-day vulnerability was initially discovered by Qihoo 360 ATA researchers and the bug can be tracked as CVE-2019-11707.

The bug Affects Web browsers IonMonkey type confusion with StoreElementHole and FallibleStoreElement, Mozilla said.

IonMonkey is the JavaScript Just-In-Time (JIT) compiler for SpiderMonkey (Mozilla’s JavaScript engine).

It indicates that the attackers attempt to exploit a Type Confusion vulnerability and it can be triggered when incorrect alias information in IonMonkey JIT compiler for setting array elements.

Type confusion vulnerability occurs when a piece of code doesn’t verify the type of object that is passed to it and it could lead to exploit this vulnerability by tricking a user into visiting a malicious web page and execute arbitrary code within the context of the application.

This new Firefox Zero-Day vulnerability affects the browsers Just in Time Compiler and it is currently used for targeted attacks in the wild.

Since the further detailed information was not available at the time, we have reached Qihoo 360 for further information about the exploitation for this Firefox zero-day vulnerability but there is no response at the time of writing.

Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1. You can download the new Firefox version for all platform here

While this Firefox Zero-Day vulnerability was exploited in targeted attacks, Firefox users are advised to upgrade as soon as possible.

Also Read: Hackers Exploit Android Vulnerability to Install Malware Without User Interaction Via Google Play

Website

Latest articles

WhiteSnake Stealer Checks for Mutex & VM Function Before Execution

A new variant of the WhiteSnake Stealer, a formidable malware that has been updated...

Researchers Hack AI Assistants Using ASCII Art

Large language models (LLMs) are vulnerable to attacks, leveraging their inability to recognize prompts...

Microsoft Deprecate 1024-bit RSA Encryption Keys in Windows

Microsoft has announced an important update for Windows users worldwide in a continuous effort...

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...

Hackers Using Weaponized SVG Files in Cyber Attacks

Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that...

New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data

In recent years, personal data security has surged in importance due to digital device...

Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

A critical vulnerability was discovered in two plugins developed by miniOrange.The affected plugins,...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles