Firefox releases patches to stop Zero-Day Attacks


Mozilla has released new versions of the Firefox browser, Firefox 67.0.3 and Firefox ESR 60.7.1, to patch a critical zero-day vulnerability that attackers are exploiting in the wild.

The flaw was discovered by Samuel Groß, a cybersecurity researcher at Google Project Zero, who states that the vulnerability could permit attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions and take total control of them.

The vulnerability is tracked as CVE-2019-11707 and affects the Firefox browser on desktop (Windows, macOS, and Linux); it does not affect Firefox for Android, iOS, and Amazon Fire TV.

According to an advisory, the flaw is a type confusion vulnerability in Firefox: issues in Array.pop, which can occur when manipulating JavaScript objects, can result in an exploitable crash.

The flaw primarily leads to Universal Cross-site Scripting (UXSS) attacks, but combined with a sandbox escape issue it would let attackers execute arbitrary code remotely on a targeted system.

Usually, Firefox automatically installs the latest updates and activates the new version after a restart, but users have been advised to ensure that they are running Firefox 67.0.3 or Firefox ESR (Extended Support Release) 60.7.1, or later.
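For administrators verifying the update across many machines, the following Python code is an added example (not from Mozilla or the original article) that checks reported version strings against the two fixed versions named above. It compares each build against its own channel, since 60.7.1esr is patched even though it sorts below 67.0.3. The `firefox --version` style input format, the host names, and the handling of 60.x builds without an "esr" suffix are assumptions.

```python
import re

# Fixed versions named in the article, one per update channel.
FIXED_RELEASE = (67, 0, 3)
FIXED_ESR = (60, 7, 1)

# Matches "67.0.3", "67.0" or "60.7.1esr"; rejects suffixes such as "68.0b12".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?(esr)?(?![\w.])", re.IGNORECASE)

def parse_firefox_version(reported):
    """Return ((major, minor, patch), is_esr) for a `firefox --version` style string."""
    m = _VERSION_RE.search(reported)
    if m is None:
        raise ValueError(f"unrecognised Firefox version string: {reported!r}")
    version = (int(m[1]), int(m[2]), int(m[3] or 0))
    return version, m[4] is not None

def is_patched(reported):
    """True if the build is at or above the fixed version for its own channel."""
    version, is_esr = parse_firefox_version(reported)
    # Assumption: a 60.x build without the "esr" suffix is still the ESR branch.
    if is_esr or version[0] == FIXED_ESR[0]:
        return version >= FIXED_ESR
    return version >= FIXED_RELEASE

def hosts_needing_update(inventory):
    """Return hosts whose Firefox is below the fix or cannot be parsed."""
    flagged = []
    for host, reported in inventory:
        try:
            patched = is_patched(reported)
        except ValueError:
            patched = False  # fail closed: unknown build strings get reviewed
        if not patched:
            flagged.append(host)
    return flagged

# Constructed sample inventory (hypothetical host names and builds).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 67.0.3"),
    ("ws-02", "Mozilla Firefox 67.0.2"),
    ("ws-03", "Mozilla Firefox 60.7.1esr"),
    ("ws-04", "Mozilla Firefox 60.7.0esr"),
    ("ws-05", "Mozilla Firefox 68.0b12"),
    ("ws-06", "Mozilla Firefox 67.0"),
]

if __name__ == "__main__":
    print(hosts_needing_update(SAMPLE_INVENTORY))
```

Build strings the parser does not recognise, such as pre-release versions, are flagged for manual review because the article does not say whether those builds carry the fix.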

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
