Written by Anthony Carballo
on January 13, 2020

Mozilla announced a new critical vulnerability that was actively exploited in the wild; the good news is that as soon as they published the vulnerability, they released a patched version. All you need to do is check the version you have installed: if it is not Firefox 72.0.1 or Firefox ESR 68.4.1, update to the corresponding patched version.

The bug appears to be 8 years old. It's yet another failure of the open-source Just-In-Time (JIT) compilation code Firefox relies on. If exploited, it could potentially allow attackers to execute code on machines running the vulnerable version of Firefox.

 

How it works

According to Firefox, the critical zero-day flaw found is a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time (JIT) compiler for SpiderMonkey, Mozilla's JavaScript engine.

A type confusion vulnerability is a bug in which code treats a piece of memory as a different type than it actually is. It can lead to out-of-bounds memory access, which in turn can lead to component crashes or code execution that an attacker can exploit. The attack can be leveraged by luring a Firefox user with an outdated browser to a web page with malicious code.

 

Conclusions

This security patch comes a day after Firefox 72.0 was released with fixes for another 11 security vulnerabilities. Of the five high-severity vulnerabilities addressed, four could potentially be used by attackers for arbitrary code execution.

Firefox is not a bad browser; it needs some sanitization. In this version, they are offering fingerprinting protection. Fingerprinting allows companies to track users for months, even after users clear their browser storage or use private browsing mode. Also, last year they launched a feature called Enhanced Tracking Protection (ETP), which gives you more privacy by blocking certain cookies that track your browsing.

 

Advice

Firefox comes by default with automatic updates when available; it should happen after a restart. However, it is better to be safe and always check manually for the update by going to Menu > Help > About Mozilla Firefox.
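For more than one machine, the same check can be run over collected `firefox --version` output. The script below is an added example, not part of the original post: the host names and inventory are constructed, and it assumes ESR builds report an `esr` suffix and that any version above the patched one for its channel also carries the fix.

```python
import re

# Patched versions named in the post.
PATCHED_RELEASE = (72, 0, 1)
PATCHED_ESR = (68, 4, 1)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr) from `firefox --version` style text."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Firefox version found in {text!r}")
    major, minor, patch, esr = match.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def is_patched(text):
    """True if the version is at or above the patched version for its channel."""
    version, is_esr = parse_version(text)
    return version >= (PATCHED_ESR if is_esr else PATCHED_RELEASE)


def audit(inventory):
    """Return the sorted host names whose Firefox still needs the update."""
    needs_update = []
    for host, reported in inventory.items():
        try:
            if not is_patched(reported):
                needs_update.append(host)
        except ValueError:
            needs_update.append(host)  # unreadable version: treat as unverified
    return sorted(needs_update)


# Constructed sample inventory (host names are made up).
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 72.0.1",
    "ws-02": "Mozilla Firefox 72.0",
    "ws-03": "Mozilla Firefox 68.4.1esr",
    "ws-04": "Mozilla Firefox 68.4.0esr",
    "ws-05": "Mozilla Firefox 71.0",
    "ws-06": "unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update Firefox ({SAMPLE_INVENTORY[host]})")
```

Hosts whose version string cannot be parsed are listed as needing an update so they get checked by hand rather than silently passing.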
