Firefox update released with a patch for the CVE-2019-17026 vulnerability

A new Mozilla Firefox update has rolled out with a fix for a zero-day vulnerability, tracked as CVE-2019-17026, that was actively exploited in the wild. The vulnerability allows attackers who exploit the browser to take complete control of the affected system.

Here is the notification issued by the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA):

“Mozilla has released security updates to address vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.”

This shows how critical the vulnerability was. The Firefox update that fixes it was released on January 8, just after another major update, version 72, on January 7, which fixed 11 security vulnerabilities. All Firefox users should immediately update the browser to the latest version, which is 72.0.1 for Firefox and 68.4.1 for Firefox ESR.

Where the vulnerability comes from

Mozilla Firefox is a very popular browser and the second most used after Google Chrome. According to the latest statistics, it holds 9.54% of the market share. This may be why the update received so much attention and why a government agency advised users to install the latest Firefox update, which carries the patch for the zero-day vulnerability.

Qihoo 360, a Chinese security firm, discovered the CVE-2019-17026 flaw in the Firefox browser. The threat intelligence company has not published its findings, and no details were revealed to those who tried to contact the firm. What is known is that the vulnerability occurs when the program allocates or initializes a resource as one type and later accesses it as a type that does not match the original. In other words, the flaw could be used for remote code execution in the program.

The only thing currently known is what Mozilla’s advisory explains:

“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.”

Zero-day vulnerabilities are very dangerous

Zero-day vulnerabilities are bugs in a program that have not yet been discovered by the developer or other members of the information security community and are being used by malicious actors in the wild. Hackers can use such bugs to exploit targets without limitation. Recently, two Firefox vulnerabilities that have since been patched affected the macOS version of the browser and allowed hackers to create a backdoor for a cryptocurrency exchange.