Wednesday, February 19 2020

The release of Firefox 72.0.1 came just one day after the newest version of the browser rolled out, and it fixes a type confusion bug in the IonMonkey JavaScript JIT (Just-in-Time) compiler of SpiderMonkey.

Mozilla patches Firefox zero-day as attackers exploit flaw

By Senior Reporter, Computerworld

Just one day after releasing Firefox 72, Mozilla updated the browser with a fix to shut down active attacks, the company acknowledged.

On Wednesday, Mozilla issued Firefox 72.0.1, which included one change: a patch for the vulnerability identified as CVE-2019-17026. “We are aware of targeted attacks in the wild abusing this flaw,” Mozilla said in the short description of the flaw, signaling that criminals were already leveraging the zero-day vulnerability, the term applied because no time elapses between patching and exploitation.

Mozilla credited Qihoo 360, a Chinese developer of anti-virus and other security software, for reporting the bug. Qihoo also created and manages the 360 Secure Browser, which relies on Google’s rendering and JavaScript engines, as do Chrome and Microsoft Edge.

The Firefox flaw was characterized as a type confusion bug in the IonMonkey JavaScript JIT (Just-in-Time) compiler of SpiderMonkey, the browser’s JavaScript engine.

Mozilla rated the vulnerability as “Critical,” the most serious rating in its multi-step ranking system. To manually update the browser, users can select Help > About Firefox on Windows or Firefox > About Firefox on macOS. The resulting page shows that the browser is either up to date or describes the refresh process.

Wednesday’s update was the first aimed at a zero-day vulnerability in Firefox since June, when Mozilla patched another critical type confusion flaw.

This story, “Mozilla patches Firefox zero-day as attackers exploit flaw,” was originally published by Computerworld.

Senior Reporter Gregg Keizer covers Windows, Office, Apple/enterprise, web browsers and web apps for Computerworld.

Copyright © 2020 IDG Communications, Inc.

This Article was first published on itnews.com
