Actively Exploited Zero-day Vulnerability in Mozilla Firefox

Actively Exploited Zero-day Vulnerability in Mozilla Firefox

 

A Remote Code Execution vulnerability CVE-2019-17026 in Mozilla Firefox and Firefox ESR   is being actively exploited in the wild. This vulnerability was categorized as a type confusion, which is potentially a critical error that could impact data processing. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

 

Mozilla's security advisory reads, “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw”.

This flaw is fixed in Firefox 72.0.1 and Firefox ESR 68.4.1.

 

Resolution:

Kindly install the following patches to fix the flaw:

312452 - Firefox Setup 72.0.1 x64.exe     

312451 - Firefox Setup 72.0.1.exe          
312458 - Firefox Setup 68.4.1esr.exe       
312453 - Firefox Setup 68.4.1esr_x86.exe 

 

Happy patching!

                New to ADSelfService Plus?