Home > Cyber News > CVE-2019-11707: Critical Bug in Firefox Needs Immediate Patching

CVE-2019-11707: Critical Bug in Firefox Needs Immediate Patching

Did you notice your Firefox browser prompting you to update it? It’s because Mozilla just released an emergency patch addressing CVE-2019-11707, an actively exploited critical security vulnerability.

This means that your Firefox browser needs to be patched immediately so that you avoid attacks. According to the official documentation, security vulnerabilities have been fixed in Firefox 67.0.3 and Firefox ESR 60.7.1.

CVE-2019-11707: Type Confusion in Array.pop Fixed

The official description reads that “a type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.” This eventually leads to an exploitable crash. As already mentioned, the bug is exploited in the wild, meaning that its impact is critical.

There isn’t much information about the attacks based on CVE-2019-11707. According to rumors, the bug can be used for stealing cryptocurrency but Mozilla hasn’t confirmed. More details may be released in the upcoming days.

It’s important to note that CVE-2019-11707 was discovered by Samuel Groß, researcher at Google Project Zero, and Coinbase Security.

Related: [wplinkpreview url=”https://sensorstechforum.com/firefox-malware-plugins/”] Mozilla Firefox Malware Plugins Plague The Official Repository

In a conversation with ZDNet, the researcher said that “the bug can be exploited for RCE [remote code execution] but would then need a separate sandbox escape” in order to run code on an underlying operating system.

However, it’s very likely that it can be exploited for UXSS [universal cross-site scripting] attacks depending on the attacker’s goals.

The critical bug exists in Firefox versions higher than 67.0.3. Users must install the latest release of the browser to be protected. Firefox ESR users need version 60.7.1. The good news is that Mozilla has initiated the automatic rollout of the fix using its browser’s built-in update mechanism. Keep in mind that you need to restart the browser for the patch to be applied.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree