Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday January 11 2020, @09:13PM   Printer-friendly
from the time-to-update dept.

Mozilla Patches Firefox Zero-Day Exploited in Targeted Attacks:

Updates released by Mozilla on Wednesday for its Firefox browser address a zero-day vulnerability that has been exploited in targeted attacks.

The vulnerability, tracked as CVE-2019-17026 and classified as having critical impact, has been described by Mozilla as an "IonMonkey type confusion with StoreElementHole and FallibleStoreElement." IonMonkey is the Just-in-Time (JIT) compiler for Firefox's SpiderMonkey JavaScript engine.

"Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion," Mozilla explained in its advisory.

Mozilla says it's aware of targeted attacks exploiting this zero-day, but no other information has been made available.

A Current Activity bulletin released by the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) says the vulnerability could allow an attacker to take control of an affected system.

The flaw has been patched with the release of Firefox 72.0.1 and Firefox ESR 68.4.1, and users have been advised to update their installations.

Also at Ars Technica


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by inertnet on Saturday January 11 2020, @11:44PM

    by inertnet (4071) on Saturday January 11 2020, @11:44PM (#942341) Journal

    The CISA [us-cert.gov] website mentioned in TFS seems to be a good starting point. On their related resources page I found this CVE list [mitre.org].

    This [mitre.org] gives a list for keyword "firefox".

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3