• Home
  • Apps
  • Apps News
  • Mozilla Firefox 72.0.1 Debuts to Fix an Actively Exploited Zero Day Vulnerability

Mozilla Firefox 72.0.1 Debuts to Fix an Actively Exploited Zero-Day Vulnerability

The latest zero-day vulnerability has been indexed as CVE-2019-17026.

Share on Facebook Tweet Snapchat Share Reddit Comment
Mozilla Firefox 72.0.1 Debuts to Fix an Actively Exploited Zero-Day Vulnerability

Mozilla has released the new Firefox version just a day after bringing its version 72.0.0

Highlights
  • Mozilla Firefox 72.0.1 is available for download
  • A security advisory has been issued to detail the flaw
  • Mozilla last year fixed two zero-day vulnerabilities in Firefox

Mozilla has released Firefox 72.0.1 that patches an actively exploited zero-day vulnerability. The flaw, which is the third zero-day that the Firefox maker has fixed over the last year after patching two major security loopholes in June last year, impacted JavaScript JIT compiler IonMonkey. It was first reported by China's Qihoo 360. The new Firefox release comes just a day day after Mozilla brought its version 72.0.0 with fixes for six high-rated vulnerabilities. Three of those loopholes could allow attackers to run malicious code remotely on affected systems to gain backdoor access.

The latest zero-day vulnerability has been indexed as CVE-2019-17026. Mozilla has confirmed through a security advisory that the flaw has been fixed in Firefox 72.0.1 as well as Firefox ESR 68.4.1.

“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw,” the company noted while describing the vulnerability in its advisory.

Mozilla has credited Qihoo 360 for reporting the flaw. However, further clarity on its impact hasn't been provided.

The vulnerability was categorised as a type confusion, which is potentially a critical error that could impact data processing. It is unclear that how it has been leveraged by attackers, though.

As reported by Catalin Cimpanu of ZDNet, Qihoo 360 Core highlighted that in addition to the flaw existed in Firefox, a zero-day vulnerability is affecting Internet Explorer. The Chinese firm, however, reportedly deleted the details revealing the issue within Microsoft's Web browser after briefing posting them on Twitter.

Mozilla in June last year fixed two zero-day vulnerability issues that impacted Coinbase employees and Mac users involved in cryptocurrency exchange. The vulnerabilities were indexed as CVE-2019-11707 and CVE-2019-11708.

Users are advised to download the latest Firefox version to avoid any security issues. The browser can be updated by going through Help > About Firefox.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Jagmeet Singh Tech journalist by profession, tech explorer by passion. Budding philomath. More
CES 2020: Samsung Launches Portable SSD T7 Touch With Fingerprint Sensor, Arrives Next Month in India
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.