CVE-2019-11707: Critical Bug in Firefox Needs Immediate Patching

Did you notice your Firefox browser prompting you to update it? It’s because Mozilla just released an emergency patch addressing CVE-2019-11707, an actively exploited critical security vulnerability.

This means that your Firefox browser needs to be patched immediately so that you avoid attacks. According to the official documentation, security vulnerabilities have been fixed in Firefox 67.0.3 and Firefox ESR 60.7.1.



CVE-2019-11707: Type Confusion in Array.pop Fixed

The official description states that “a type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.” This can lead to an exploitable crash. As already mentioned, the bug is being exploited in the wild, meaning that its impact is critical.

There isn’t much information about the attacks based on CVE-2019-11707. According to rumors, the bug can be used for stealing cryptocurrency, but Mozilla hasn’t confirmed this. More details may be released in the upcoming days.

It’s important to note that CVE-2019-11707 was discovered by Samuel Groß, researcher at Google Project Zero, and Coinbase Security.


In a conversation with ZDNet, the researcher said that “the bug can be exploited for RCE [remote code execution] but would then need a separate sandbox escape” in order to run code on an underlying operating system.

However, it’s very likely that it can be exploited for UXSS [universal cross-site scripting] attacks depending on the attacker’s goals.

The critical bug exists in Firefox versions earlier than 67.0.3. Users must install the latest release of the browser to be protected. Firefox ESR users need version 60.7.1. The good news is that Mozilla has initiated the automatic rollout of the fix using the browser’s built-in update mechanism. Keep in mind that you need to restart the browser for the patch to be applied.
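For administrators who want to confirm the rollout across many machines, here is an added example (not part of the original article) that classifies collected `firefox --version` banners against the fixed versions named above. It assumes ESR builds report an `esr` suffix in the banner and that the inventory is tab-separated `host<TAB>banner` lines; the hostnames and sample data are constructed.

```python
import re

# Fixed versions named in the article.
FIXED_RELEASE = (67, 0, 3)
FIXED_ESR = (60, 7, 1)

# Assumption: banner looks like "Mozilla Firefox 67.0.2" or "Mozilla Firefox 60.7.0esr".
BANNER_RE = re.compile(r"Mozilla Firefox (\d+)\.(\d+)(?:\.(\d+))?(esr)?\s*$")

def parse_banner(banner):
    """Return ((major, minor, patch), is_esr), or None if the banner is not recognised."""
    m = BANNER_RE.search(banner.strip())
    if m is None:
        return None
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None

def status(banner):
    """Classify one banner as 'fixed', 'needs-update' or 'unknown'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"  # e.g. beta/nightly strings: review by hand
    version, is_esr = parsed
    floor = FIXED_ESR if is_esr else FIXED_RELEASE
    return "fixed" if version >= floor else "needs-update"

def audit(inventory_lines):
    """Map host -> status for lines of the form 'host<TAB>banner'."""
    report = {}
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, banner = line.partition("\t")
        report[host.strip()] = status(banner)
    return report

# Constructed sample inventory (hostnames are made up).
SAMPLE = [
    "ws-001\tMozilla Firefox 67.0.3",
    "ws-002\tMozilla Firefox 67.0.2",
    "ws-003\tMozilla Firefox 60.7.0esr",
    "ws-004\tMozilla Firefox 60.7.1esr",
    "ws-005\tMozilla Firefox 68.0b12",
    "ws-006\tMozilla Firefox 67.0",
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(f"{host}: {state}")
```

Because the fix only takes effect after a restart, a banner read from the installed binary can show a fixed version while an older process is still running.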

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
