
CVE-2019-11707: Critical Bug in Firefox Needs Immediate Patching

Did you notice your Firefox browser prompting you to update it? It’s because Mozilla just released an emergency patch addressing CVE-2019-11707, an actively exploited critical security vulnerability.

This means that your Firefox browser needs to be patched immediately so that you avoid attacks. According to the official documentation, security vulnerabilities have been fixed in Firefox 67.0.3 and Firefox ESR 60.7.1.



CVE-2019-11707: Type Confusion in Array.pop Fixed

The official description states that “a type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.” This eventually leads to an exploitable crash. As already mentioned, the bug is being exploited in the wild, meaning that its impact is critical.

There isn’t much information about the attacks based on CVE-2019-11707. According to rumors, the bug can be used for stealing cryptocurrency, but Mozilla hasn’t confirmed this. More details may be released in the upcoming days.

It’s important to note that CVE-2019-11707 was discovered by Samuel Groß, researcher at Google Project Zero, and Coinbase Security.


In a conversation with ZDNet, the researcher said that “the bug can be exploited for RCE [remote code execution] but would then need a separate sandbox escape” in order to run code on an underlying operating system.

However, it’s very likely that it can be exploited for UXSS [universal cross-site scripting] attacks depending on the attacker’s goals.

The critical bug exists in Firefox versions earlier than 67.0.3. Users must install the latest release of the browser to be protected. Firefox ESR users need version 60.7.1. The good news is that Mozilla has initiated the automatic rollout of the fix using the browser’s built-in update mechanism. Keep in mind that you need to restart the browser for the patch to be applied.
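For administrators checking more than one machine, the following added example (not code from this article or from Mozilla) compares collected version strings against the fixed versions named above. It assumes the strings look like the output of `firefox --version`, with ESR builds carrying an `esr` suffix; the host names and inventory are constructed sample data.

```python
import re

# Fixed versions as stated in the article.
FIXED_RELEASE = (67, 0, 3)
FIXED_ESR = (60, 7, 1)

# Assumed input format: "Mozilla Firefox 67.0.2" or "Mozilla Firefox 60.7.0esr".
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})(esr)?\b", re.IGNORECASE)


def parse_firefox_version(text):
    """Return (version_tuple, is_esr), or None if no plain version is found."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "67.0" to (67, 0, 0)
    return tuple(parts), match.group(2) is not None


def patch_status(version_text):
    """Classify one version string as patched, needs-update or unknown."""
    parsed = parse_firefox_version(version_text)
    if parsed is None:
        # Covers missing installs and formats this sketch does not model
        # (for example beta strings such as "68.0b3").
        return "unknown"
    version, is_esr = parsed
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    # Tuple comparison is numeric: (67, 0, 10) >= (67, 0, 3), whereas the
    # string "67.0.10" would sort before "67.0.3".
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: patch_status(text) for host, text in inventory.items()}


# Constructed sample inventory; host names are hypothetical.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 67.0.2",
    "ws-02": "Mozilla Firefox 67.0.3",
    "ws-03": "Mozilla Firefox 60.7.0esr",
    "ws-04": "Mozilla Firefox 60.7.1esr",
    "ws-05": "Mozilla Firefox 67.0.10",
    "ws-06": "Mozilla Firefox 60.0.2",  # old release build, not ESR
    "ws-07": "not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(host, status)
```

Hosts reported as `unknown` need a manual look rather than being treated as safe.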

Milena Dimitrova
