Security News > 2020 > January > Mozilla patches actively exploited Firefox zero-day
Mozilla has patched a Firefox zero-day vulnerability that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update their installations as soon as possible.
A day after Mozilla released Firefox 72 - which blocks fingerprinting scripts by default for all users, replaces annoying notification request pop-ups from various sites with a speech bubble in the address bar, and fixes a number of security issues - the corporation pushed out Firefox 72.0.1 with a fix for CVE-2019-17026, a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time compiler for Mozilla's JavaScript engine.
According to the accompanying security advisory, the vulnerability was flagged by researchers with Chinese internet security company Qihoo 360 and is being actively abused by attackers.
The last Firefox zero-day before this one was plugged in June 2019.
Whatever the case, the Tor Project has announced they will be releasing a new version of the Tor Browser to implement Mozilla's fix "Soon".
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Om498K3pS24/
Related news
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Mozilla really wants you to easily set Firefox as default Windows browser (source)
- Mozilla really wants you to set Firefox as default Windows browser (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-02 | CVE-2019-17026 | Type Confusion vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. | 8.8 |