
CVE-2019-17026 Critical Zero-Day in Firefox Requires Immediate Patching

If you haven’t patched your Firefox browser today, you should do it immediately as there is an active zero-day exploit indexed as CVE-2019-17026.

An emergency patch was released shortly after Mozilla shipped version 72 of its Firefox browser. According to the official advisory, the bug is critical, and it was discovered by Qihoo 360 ATA researchers. The vulnerability is described as “incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.”

The company is aware of targeted attacks in the wild against the CVE-2019-17026 vulnerability. To be protected, users should install Firefox 72.0.1 and Firefox ESR 68.4.1.

CVE-2019-17026: Short Technical Overview

The vulnerability is a type confusion flaw, which can result in data being written to or read from memory locations that are normally off-limits. This could allow threat actors to discover memory locations where malicious code is stored, and to bypass protections such as address space layout randomization, researchers explain.

The good news is that the vulnerability was addressed in Firefox 72.0.1. It’s noteworthy that this patch arrived only a day after version 72 fixed 11 other flaws, some of which were rated as high risk and could allow threat actors to run malicious code on vulnerable systems.

Related: Several High Severity Bugs Fixed in Firefox and Chrome (https://sensorstechforum.com/high-severity-bugs-firefox-chrome/)

In June last year, Mozilla had to address another type confusion vulnerability in its browser. CVE-2019-11707 could occur when manipulating JavaScript objects due to issues in Array.pop, and could eventually lead to an exploitable crash. That vulnerability was also rated as critical, and was exploited in the wild. It existed in Firefox versions higher than 67.0.3.

As for the CVE-2019-17026 vulnerability, there is no further information about the attacks which were detected. Nonetheless, users should update their browsers as soon as possible.

Milena Dimitrova
