Makers of the browser are advising users to update their browsers immediately to avoid being compromised
BillyReport 9 Jan 2020
thehackernews.com reports that users of the Firefox browser must immediately update their software from the official Mozilla website.
This, they say, is due to a critical zero-day vulnerability discovered by cybersecurity researchers at a firm known as Qihoo 360 ATA, who shared this information with Mozilla and helped them expeditiously release patched versions, Firefox 72.0.1 and Firefox ESR 68.4.1, to replace the flawed previous versions.
The vulnerability, named CVE-2019-17026, is described by experts as a “type confusion vulnerability”: the code is unable to confirm the type of the objects it is being passed and so handles them incorrectly. This leaves an opening for attackers who aim to crash the application or to twist the code into executing commands for their own gain.
Technical details about the vulnerability, including the extent of exploitation and when and how it was discovered, have however not been shared by either the Mozilla team or the Qihoo 360 ATA team, but Mozilla shared a statement on their page which read:
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to type confusion. We are aware of targeted attacks in the wild abusing this flaw.
Users are strongly advised not to wait for automatic downloads to fix this flaw, but to install the updates themselves if need be, or to use the Menu bar within the Mozilla browser to access the manual update option.
It is imperative that all users of the Mozilla browser application upgrade their software to the latest available version, which includes the patch, to avoid being on the receiving end of targeted attacks from hackers. It is believed that, due to this reported vulnerability, hackers will be able to remotely catch unaware users off guard and use them as a conduit to execute arbitrary code within the application.
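A version check for the two fixed releases named above, as an added example that is not part of the original article: it flags installed Firefox version strings older than 72.0.1 (release) or 68.4.1 (ESR). The version-string format, the function names and the sample inventory are assumptions made for the illustration.

```python
import re

# Fixed versions named in the article.
FIXED_RELEASE = (72, 0, 1)   # Firefox 72.0.1
FIXED_ESR = (68, 4, 1)       # Firefox ESR 68.4.1

# Accepts "72.0", "72.0.1", "68.4.1esr"; beta/nightly strings do not match.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr); raise ValueError if unparseable."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch, esr = match.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def needs_update(text, esr=None):
    """True if the version predates the fix for its channel.

    esr overrides channel detection for inventories that drop the "esr" suffix.
    """
    version, tagged_esr = parse_version(text)
    is_esr = tagged_esr if esr is None else esr
    return version < (FIXED_ESR if is_esr else FIXED_RELEASE)


def triage(inventory):
    """Split {host: version} into hosts to update, patched hosts and unknowns."""
    result = {"update": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "update" if needs_update(version) else "patched"
        except ValueError:
            bucket = "unknown"   # check by hand rather than assume patched
        result[bucket].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ws-01": "72.0.1", "ws-02": "72.0", "ws-03": "71.0",
    "ws-04": "68.4.1esr", "ws-05": "68.4.0esr", "ws-06": "60.9.0esr",
    "ws-07": "73.0b3",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A version string without the "esr" suffix is compared against the release-channel fix, so pass `esr=True` when the inventory source strips that suffix.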