Security News > 2019 > June > Mozilla plugs critical Firefox zero-day used in targeted attacks
2019-06-19 09:46
A critical Firefox zero-day remote code execution vulnerability is being abused in targeted attacks in the wild, Mozilla has warned on Tuesday. About the vulnerability (CVE-2019-11707) Mozilla did not share many details about the flaw – it simply stated that it is a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, and that it can trigger an exploitable crash. The flaw can be exploited to achieve arbitrary code … More → The post Mozilla plugs critical Firefox zero-day used in targeted attacks appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/_VylJnVKexI/
Related news
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Mozilla warns Windows users of critical Firefox sandbox escape flaw (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Mozilla fixes Firefox zero-days exploited at hacking contest (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) (source)
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-11707 | Type Confusion vulnerability in Mozilla Thunderbird A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. | 8.8 |