Serviceteam IT Security News

The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people’s computers

Mozilla has rolled out a new version of its Firefox web browser to address a critical zero-day vulnerability that has been abused for targeted attacks.

Details about the flaw and its exploitation are rather sparse, however. What little is known, according to Mozilla’s security advisory released on Wednesday, is that it is a type confusion error that resides in IonMonkey, the just-in-time (JIT) compiler for the browser’s SpiderMonkey JavaScript engine.

A warning from the United States’ Cybersecurity and Infrastructure Security Agency (CISA) notes that the flaw could be exploited to take control of an affected system.

Mozilla said that it is “aware of targeted attacks in the wild abusing this flaw”. The vulnerability is tracked as CVE-2019-17026 and affects both Firefox and Firefox ESR, the latter of which is used by large organizations.

The browser’s new versions – Firefox 72.0.1 and Firefox ESR 68.4.1 – are available for all of its supported desktop platforms: Windows, macOS and Linux. Needless to say, users are advised to apply the update without delay. To update, open the Firefox menu, click Help and then About Firefox. Per Statcounter, Firefox commands a 9-percent desktop browser market share.
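For administrators checking more than one machine, the following is an added example (not from the original article or from Mozilla) that flags hosts whose reported Firefox version is older than the fixed releases named above. It assumes the output of `firefox --version` has been collected per host and that ESR builds report an `esr` suffix; the hostnames and sample lines are constructed.

```python
import re

# Fixed versions named in the article; anything older on the same channel needs the update.
FIXED = {"release": (72, 0, 1), "esr": (68, 4, 1)}

# Matches `firefox --version` output such as "Mozilla Firefox 68.4.1esr".
VERSION_RE = re.compile(r"Mozilla Firefox (\d+(?:\.\d+){1,2})(esr)?\s*$")


def classify(version_line):
    """Return (channel, version_tuple, status) for one `firefox --version` line."""
    m = VERSION_RE.search(version_line.strip())
    if not m:
        # Betas, forks or truncated output: flag for manual review, never assume patched.
        return ("unknown", None, "review")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # "72.0" -> (72, 0, 0)
    # Without an "esr" suffix the build is held to the release-channel fix,
    # so an unlabelled 68.x is conservatively reported as needing the update.
    channel = "esr" if m.group(2) else "release"
    status = "patched" if parts >= FIXED[channel] else "update"
    return (channel, parts, status)


def audit(inventory):
    """Map host -> status for a {host: version_line} inventory."""
    return {host: classify(line)[2] for host, line in inventory.items()}


# Constructed sample inventory (hostnames and collection method are assumptions).
SAMPLE = {
    "ws-01": "Mozilla Firefox 72.0",
    "ws-02": "Mozilla Firefox 72.0.1",
    "ws-03": "Mozilla Firefox 68.4.0esr",
    "ws-04": "Mozilla Firefox 68.4.1esr",
    "ws-05": "Mozilla Firefox 73.0b2",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```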

The updates came merely a day after Mozilla shipped out Firefox 72.0 and Firefox ESR 68.4, which themselves included fixes for several security flaws, albeit largely lesser in severity.

Last June, Mozilla patched two zero-days two days apart. Other web browsers, notably Chrome and Internet Explorer, have also received emergency patches for zero-days in recent months.

A few years back, ESET researchers documented how a then zero-day affecting Firefox was being abused by threat actors.
