ALERT-Sri Lanka CERT|CC - Firefox Zero-Day Vulnerability

Firefox Zero-Day Vulnerability 

Systems Affected

  • Firefox versions below 72.0.1
  • Firefox ESR versions below 68.4.1

Threat Level

High

Overview

Vulnerability allows an attacker to crash the application or perform code execution.

Description

Vulnerability (CVE-2019-17026) is currently available above Firefox versions on your windows, Linux or Mac. Vulnerability labeled as ‘type confusion vulnerability’ which resides on IonMonkey just-in-time (JIT) compiler of Mozilla’s Java Script engine called Spider Monkey.

Due to this vulnerability the code doesn’t verify what objects it is passed to and blindly uses it without checking its type, which will allow an attacker to crash the application or to perform code execution.

Impact

  • Crash the application.
  • Install backdoors and spyware.
  • Data and configuration modifications.
  • Distribute malicious programs.

Solution/ Workarounds

  • Update the latest version of the Mozilla’s Firefox on Windows, Linux and Mac.

References

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Rate this item
(0 votes)

Leave a comment

Please do not enter any marketing or illegal statements | කරුණාකර අලෙවිකරණ හෝ නීති විරෝධී ප්‍රකාශන ඇතුළත් නොකරන්න.

272 comments

Video Of The Day | දවසේ වීඩියෝව

Subscribe to Weekly Email Newsletter




Joomla Extensions powered by Joobi

Articles Archive

Articles Calendar

« December 2021 »
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    
032028611
Today
Yesterday
This Week
Last Week
This Month
Last Month
All days
6566
53388
116743
31178696
268784
1148542
32028611
Your IP: 213.180.203.17
2021-12-07 05:55
Go to top