Thursday, October 3, 2024
HomeFirefoxAlert!! Critical Firefox Zero-Day Vulnerability Actively Exploit by Hackers in Wide -...

Alert!! Critical Firefox Zero-Day Vulnerability Actively Exploit by Hackers in Wide – Update Firefox Now

Published on

Mozilla released a security update for a critical zero-day vulnerability that affects the Firefox browser and the vulnerability fixed in 72.0.1 and Firefox ESR 68.4.1.

The vulnerability affects both Firefox, Firefox ESR and the successful exploitation of the vulnerability could lead an attacker to execute the malicious code remotely or trigger to crashes on machines that running with vulnerable Firefox versions.

The critical zero-day vulnerability was initially discovered by Qihoo 360 ATA researchers and the bug can be tracked as CVE-2019-11707.

- Advertisement - EHA

The bug Affects Web browsers IonMonkey type confusion with StoreElementHole and FallibleStoreElement, Mozilla said.

IonMonkey is the JavaScript Just-In-Time (JIT) compiler for SpiderMonkey (Mozilla’s JavaScript engine).

It indicates that the attackers attempt to exploit a Type Confusion vulnerability and it can be triggered when incorrect alias information in IonMonkey JIT compiler for setting array elements.

Type confusion vulnerability occurs when a piece of code doesn’t verify the type of object that is passed to it and it could lead to exploit this vulnerability by tricking a user into visiting a malicious web page and execute arbitrary code within the context of the application.

This new Firefox Zero-Day vulnerability affects the browsers Just in Time Compiler and it is currently used for targeted attacks in the wild.

Since the further detailed information was not available at the time, we have reached Qihoo 360 for further information about the exploitation for this Firefox zero-day vulnerability but there is no response at the time of writing.

Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1. You can download the new Firefox version for all platform here

While this Firefox Zero-Day vulnerability was exploited in targeted attacks, Firefox users are advised to upgrade as soon as possible.

Also Read: Hackers Exploit Android Vulnerability to Install Malware Without User Interaction Via Google Play

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

Tor Browser 13.5.6 Released – What’s New!

The Tor Project has announced the release of Tor Browser 13.5.6, which is now...

Mario Duarte, Former Snowflake Cybersecurity Leader, Joins Aembit as CISO to Tackle Non-Human Identities

Aembit, the non-human IAM company, today announced the appointment of Mario Duarte as chief...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently...

Open Source C3 Frameworks Used In Red Teaming Assessments Vulnerable To RCE Attacks

C2 frameworks, crucial for post-exploitation operations, offer open-source alternatives to Cobalt Strike. They streamline...