[ad_1]
Mozilla has released emergency updates for the Firefox browser. The stable versions of Firefox 67.0.3 and Firefox ESR 60.7.1 close a vulnerability clbadified as critical in the free browser, which is currently exploited by Mozilla aggressively by attackers. Users who have not yet received these updates should import them urgently.
Job market
The Cause of Vulnerability (CVE-2019-11707) is a so-called type confusion, which can occur when Javascript objects are manipulated. The actual error occurs in the Array.Pop () method, which returns the last element of an array and removes the array entry. In the security alert, Mozilla also writes that this allows attackers to crash, which in turn can be used to execute malicious code.
Found and reported error probably different security researchers independently. On the one hand, the results are attributed to researcher Samuel Groß of Google's Project Zero. Groß is working on a fuzzer for javascript engines called Fuzzilli and has already found several vulnerabilities in Browser, but this year already four in the Ionmonkey Javascript engine of the Firefox browser. In addition, Mozilla points the finger at the security team of Coinbase Cryptocurrency Exchange. The bug may have been actively exploited by the users of the platform.
Although more details about the vulnerability are not yet available, bug fixes and discussions with Bugtracker are expected to be released by Mozilla and Google's Project Zero once the majority of users update. available ,
Source link
