Mozilla releases patch for a severe vulnerability in Firefox2020-01-10 16:58 by Daniela
Tags: Mozilla, Firefox, vulnerability
Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in "targeted attacks" against users. The vulnerability (indexed as CVE-2019-17026) has been patched with the Firefox 72.0.1 update. This should be installed automatically next time you restart the browser.
CVE-2019-17026 is a potentially critical error that can result in data being written to, or read from, memory locations that are normally off-limits. These out-of-bounds reads may allow attackers to discover memory locations where malicious code is stored so that protections such as address space layout randomization can be bypassed. Out-of-bounds reads can also cause crashes.
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has also published a warning, recommending users to install the latest Firefox version. A successful attack can provide a malicious actor with full control of a compromised device, it says.
"Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates," CISA says.
Read more -here-