Mozilla fixed a Firefox Zero-Day flaw exploited in targeted attacks

Mozilla released security updates for Firefox that addressed a critical zero-day vulnerability exploited in targeted attacks in the wild.

Mozilla released security updates for its Firefox web browser that address a critical vulnerability that has been actively exploited in the wild.

The zero-day vulnerability, tracked as CVE-2019-11707, is a type confusion flaw in Array.pop. Mozilla has addressed it with the release of Firefox 67.0.3 and Firefox ESR 60.7.1.

“A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.” reads the security advisory published by Mozilla.

mozilla firefox zero-day

The flaw was reported by Coinbase Security and Samuel Groß of Google Project Zero team. Samuel Groß explained that he reported the bug to Mozilla on April 15, 2019.

The researcher explained that the vulnerability could be used for remote code execution if chained with a separate sandbox escape issue.

Mozilla confirmed that threat actors exploited the zero-day in targeted attacks in the wild, the organizations did not provide technical details of the issue.

The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) also issued a short alert for the vulnerability in Mozilla.

“Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.” states the alert. “This vulnerability was detected in exploits in the wild.”

In 2016, security researchers found a malicious script that exploited another Firefox Zero-day to identify some users of the Tor anonymity network.

Pierluigi Paganini

(SecurityAffairs – Mozilla Firefox zero-day, hacking)

The post Mozilla fixed a Firefox Zero-Day flaw exploited in targeted attacks appeared first on Security Affairs.

Security Affairs


Are you looking for products for hacking, cybersecurity, and penetration testing? Do you need to cleanse your smartphone, PC, or website from viruses and malware? Do you need to track down a person or recover urgent information? Do you need to regain control of an account, email, or password that has been stolen from you? Interested in purchasing pre-configured devices to easily and quickly experiment with hacking techniques? Do you have specific requirements in software or hardware? We can assist you!

Contact us immediately for immediate assistance: provide us with details via email or WhatsApp about the type of support you need, and we will respond you promptly!

Fill out and submit the form below to send us an immediate support request

Write your email address here

Write here how we can help you - we provide immediate support for all your needs!

chevron_left
chevron_right