Just a week ago, Mozilla rolled out an updated version of its Firefox browser, 67.0.2, fixing a low-severity bug. However, it seems they missed another bug that was more severe. Now Mozilla has rolled out another update, Firefox 67.0.3, which fixes a critical zero-day bug actively exploited in the wild.
Critical Firefox Zero-Day Bug Actively Exploited
Mozilla has reportedly patched a critical bug in a hurry. What makes this vulnerability more alarming is its active exploitation in the wild.
In their security advisory released on June 18, 2019, Mozilla described a critical type confusion bug affecting the browser. The vulnerability could result in an exploitable crash.
"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash."
Describing this vulnerability, Mozilla confirmed that they know of active exploitation of the bug.
"We are aware of targeted attacks in the wild abusing this flaw."
Mozilla credited the discovery of the bug to Samuel Groß associated with Google Project Zero and Coinbase Security.
Although they haven't mentioned many details about the bug in their advisory, Groß shared some details about this type confusion in Array.pop (CVE-2019-11707) with ZDNet. In his statement, he said:
"The bug can be exploited for RCE [remote code execution] but would then need a separate sandbox escape. However, most likely it can also be exploited for UXSS [universal cross-site scripting] which might be enough depending on the attacker's goals."
He did, however, clearly state that he does not know the "why" and "how" of the active exploitation of the vulnerability.
Firefox 67.0.3 Released With A Patch
After receiving the report from the researcher, Mozilla worked out a fix to address the bug. They have released the patch with the latest browser version, Firefox 67.0.3. In addition, since the bug also threatened Firefox ESR users, they have rolled out a fix with the updated Firefox ESR 60.7.1 as well.
To stay protected from any potential mishap, users of Mozilla Firefox must ensure they update their devices to the latest patched browser versions.
Posted from my blog with SteemPress : https://latesthackingnews.com/2019/06/23/mozilla-releases-firefox-67-0-3-as-it-fixes-an-actively-exploited-zero-day/