Firefox browser’s 0-day under active attacks, immediate update recommended

Immediate update of the famous Firefox browser is required to prevent 0-day attacks.

Mozilla has recently released Firefox 72.0.1 and Firefox ESR 68.4.1 to patch a critical zero-day vulnerability for its browsing software. The vulnerability was exploited by an unknown group of hackers with certain malicious intentions. ‘CVE-2019-17026’ is the critical bug and a ‘type confusion vulnerability’ that exists in IonMonkey’s just-in-time compiler of Mozilla’s JavaScript engine SpiderMonkey.

Type conversion vulnerability occurs when the code is not able to verify what objects it is passed to and uses it without verifying its type. This allows the attackers to crash the application or achieve code execution. The vulnerable JavaScript engine can be exploited by a remote attacker by tricking the user into visiting a malicious web page to execute arbitrary code on the system within the application.

Firefox has an auto-update feature that installs the updates on its own and applies them to the system on restart. Manual updating of the browser can be conducted by navigating the help section in the ‘menu’ option. NPAV recommends updating every application on your system regularly, in order to never miss an important security feature or patch provided by the developer.

Use NPAV and join us on a mission to secure the cyber world.

Sharing is caring!

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *