Mozilla today released an emergency update that fixes a zero-day vulnerability that could be exploited to let an attacker take control of a user’s computer. In a security advisory released today, Mozilla rated the vulnerability as “severe” and said there was evidence that multiple hackers had exploited it to carry out targeted attacks.
The U.S. Cybersecurity and Infrastructure Security Agency has warned that at least one vulnerability has been exploited by hackers and that hackers could use it to take control of affected systems. Mozilla’s announcement said the vulnerability was discovered largely thanks to the domestic security team Qihoo 360, which reported it to Mozilla.
Ars Technica emailed Mozilla and Qihoo 360 about the matter and received no immediate response. The vulnerability, tracked as CVE-2019-17026, is a serious type confusion vulnerability that can cause data to be written or read beyond the bounds of the intended memory location. Out-of-bounds reads, in turn, can allow attackers to bypass protections such as address space layout randomization, and can also cause a computer to crash.
The vulnerability was fixed in the Firefox 72.0.1 update released Tuesday, which also fixed 11 other vulnerabilities, six of which were rated high (three of which allowed attackers to run malicious programs on infected devices). Users are therefore advised to upgrade to the latest version of Firefox as soon as possible to avoid being affected by this vulnerability.
Download address: https://ftp.mozilla.org/pub/firefox/releases/72.0.1/