
Firefox Zero-Day Vulnerability

 

Systems Affected


  ✻  Firefox versions below 72.0.1
  ✻  Firefox ESR versions below 68.4.1

Threat Level


High


Overview


The vulnerability allows an attacker to crash the application or execute code.


Description


The vulnerability (CVE-2019-17026) is present in the Firefox versions listed above on Windows, Linux and Mac. It is classified as a type confusion vulnerability and resides in IonMonkey, the just-in-time (JIT) compiler of SpiderMonkey, Mozilla's JavaScript engine.
Because of this flaw, the code does not verify the type of the object it is passed and uses it blindly, which allows an attacker to crash the application or execute code.


Impact


  ✻  Crash the application
  ✻  Install backdoors and spyware
  ✻  Data and configuration modifications
  ✻  Distribute malicious programs


Solution/Workarounds


  ✻  Update to the latest version of Mozilla Firefox on Windows, Linux and Mac.
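
A version check against the thresholds listed under Systems Affected, added here as an example that is not part of the original advisory. The function names and the sample inventory are constructed for illustration, and the check assumes version strings in the form printed by `firefox --version`.

```python
import re

# Fixed versions from the advisory's "Systems Affected" list.
FIXED_RELEASE = (72, 0, 1)
FIXED_ESR = (68, 4, 1)

# Accepts "72.0.1", "71.0" or "68.4.1esr"; anything else (e.g. a beta
# such as "72.0b5") does not match and is reported as unknown.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), has_esr_suffix), or None if unparseable."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix is not None


def is_affected(text, esr=None):
    """True if below the fixed version, False if not, None if unknown.

    Assumption: ESR builds carry an "esr" suffix, as in the output of
    `firefox --version`. Pass esr=True when the inventory source strips it.
    """
    parsed = parse_version(text)
    if parsed is None:
        return None
    version, has_suffix = parsed
    if esr is None:
        esr = has_suffix
    return version < (FIXED_ESR if esr else FIXED_RELEASE)


if __name__ == "__main__":
    # Constructed inventory: host name -> reported version string.
    inventory = {
        "ws-001": "Mozilla Firefox 72.0.1",
        "ws-002": "Mozilla Firefox 71.0",
        "ws-003": "Mozilla Firefox 68.4.1esr",
        "ws-004": "Mozilla Firefox 68.3.0esr",
        "ws-005": "Mozilla Firefox 72.0b5",
    }
    labels = {True: "AFFECTED", False: "fixed", None: "unknown, check manually"}
    for host, reported in inventory.items():
        print(f"{host}: {reported!r} -> {labels[is_affected(reported)]}")
```

A bare "68.4.1" with no suffix is compared against the release threshold and flagged, so pass `esr=True` for hosts known to run the ESR channel.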


References


  ✻  https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
  ✻  https://www.tenable.com/blog/cve-2019-17026-zero-day-vulnerability-in-mozilla-firefox-exploited-in-targeted-attacks


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.