Firefox gets emergency fix for zero-day exploit

Posted on Thursday, January 09 2020 @ 11:18 CET by Thomas De Maesschalck

Hot on the heels of Tuesday's release of Firefox 72, Mozilla rolls out Firefox 72.0.1 to fix a bug that's being actively exploited by cybercriminals. Not a lot of details were released but it appears the vulnerability is dangerous enough to allow attackers to gain control of your system.

CVE-2019-17026, as the vulnerability is indexed, is a type confusion, a potentially critical error that can result in data being written to, or read from, memory locations that are normally off-limits. These out-of-bounds reads may allow attackers to discover memory locations where malicious code is stored, so that protections such as address space layout randomization can be bypassed. Out-of-bounds reads can also cause crashes.

Firefox 72 already fixed 11 other vulnerabilities, six of which were rated as high. Three of these bugs potentially allowed attackers to execute malicious code on your computer. As always, it's best to update your software regularly to avoid issues.

Via: ARS Technica

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!