Mozilla has released Firefox 72.0.1 that patches an actively exploited zero-day vulnerability. The flaw, which is the third zero-day that the Firefox maker has fixed over the last year after patching two major security loopholes in June last year, impacted JavaScript JIT compiler IonMonkey. It was first reported by China's Qihoo 360. The new Firefox release comes just a day day after Mozilla brought its version 72.0.0 with fixes for six high-rated vulnerabilities. Three of those loopholes could allow attackers to run malicious code remotely on affected systems to gain backdoor access.
The latest zero-day vulnerability has been indexed as CVE-2019-17026. Mozilla has confirmed through a security advisory that the flaw has been fixed in Firefox 72.0.1 as well as Firefox ESR 68.4.1.
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw,” the company noted while describing the vulnerability in its advisory.
Mozilla has credited Qihoo 360 for reporting the flaw. However, further clarity on its impact hasn't been provided.
The vulnerability was categorised as a type confusion, which is potentially a critical error that could impact data processing. It is unclear that how it has been leveraged by attackers, though.
As reported by Catalin Cimpanu of ZDNet, Qihoo 360 Core highlighted that in addition to the flaw existed in Firefox, a zero-day vulnerability is affecting Internet Explorer. The Chinese firm, however, reportedly deleted the details revealing the issue within Microsoft's Web browser after briefing posting them on Twitter.
Mozilla in June last year fixed two zero ..
Support the originator by clicking the read the rest link below.
