The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people’s computers
Mozilla has rolled out a new version of its Firefox web browser to address a critical zero-day vulnerability that has been abused for targeted attacks.
Details about the flaw and its exploitation are rather sparse, however. What little is known, according to Mozilla’s security advisory released on Wednesday, is that it is a type confusion error that resides in IonMonkey, the just-in-time (JIT) compiler for the browser’s SpiderMonkey JavaScript engine.
A warning from the United States’ Cybersecurity and Infrastructure Security Agency (CISA) notes that the flaw could be exploited to take control of an affected system.
Mozilla said that it is “aware of targeted attacks in the wild abusing this flaw”. The vulnerability is tracked as CVE-2019-17026 and affects both Firefox and Firefox ESR, the latter of which is used by large organizations.
The browser’s new versions – Firefox 72.0.1 and Firefox ESR 68.4.1 – are available for all of its supported desktop versions: Windows, macOS and Linux. Needless to say, users are recommended to waste no time in applying the update. The fixes can be implemented by going to the Firefox menu and clicking on Help and then About Firefox. Per Statcoun ..
Support the originator by clicking the read the rest link below.
