Mozilla fixed Zero-day vulnerabilities in Firefox
Mozilla addressed two zero-day vulnerabilities in Mozilla Firefox that were being used in targeted attacks in the wild. CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox that can result in an exploitable crash. CVE-2019-11708 is a sandbox escape vulnerability. Combining both CVE-2019-11708 and CVE-2019-11707, attackers can perform arbitrary code execution. Thunderbird is also affected but generally cannot be exploited since scripting is disabled when reading mail.
Following this, patches are also released to address vulnerabilities in Adobe, Apple, Google, and Mozilla.
Here we have the complete list of updates released:
- 24910 Update iCloud (7.12.0.14) fixes multiple vulnerabilities.
- 24911 Update Apple iTunes (12.9.5.7) fixes multiple vulnerabilities.
- 24912 Update Apple iTunes (X64) (12.9.5.7) fixes multiple vulnerabilities.
- 24976 CVE-2019-7845 is fixed in the Adobe Flash Player Plugin (32.0.0.207)
- 24977 CVE-2019-7845 is fixed in the Adobe Flash Player ActiveX (32.0.0.207)
- 24978 CVE-2019-7845 is fixed in the Adobe Flash Player PPAPI (32.0.0.207)
- 24997 iCloud 10.4 fixes multiple vulnerabilities in Windows 10 version 18362.145 or higher
- 24998 CVE-2019-5842 is fixed in Google Chrome (75.0.3770.90)
- 24999 CVE-2019-5842 is fixed in Google Chrome (x64) (75.0.3770.90)
- 25006 CVE-2019-11708 fixed in Mozilla Firefox (67.0.4)
- 25007 CVE-2019-11708 fixed in Mozilla Thunderbird (60.7.2)
- 25008 CVE-2019-11708 fixed in Mozilla Firefox ESR (60.7.2)
- 25009 CVE-2019-11708 fixed in Mozilla Firefox (x64) (67.0.4)
- 25010 CVE-2019-11708 fixed in Mozilla Firefox ESR (x64) (60.7.2)
Kindly patch these vulnerabilities asap to keep your network secure from cyber threats.
Here's to better cyber hygiene.