Written by Anthony Carballo
on January 13, 2020

Mozilla announced a new critical vulnerability that was being actively exploited in the wild. The good news is that a patched version was released as soon as the vulnerability was published. All you need to do is check the version you have installed: if it is not Firefox 72.0.1 or Firefox ESR 68.4.1, update to the corresponding latest version.

The bug appears to be 8 years old. It's yet another failure of the open-source Just-In-Time (JIT) compilation code Firefox relies on. If exploited, it could potentially allow attackers to execute code on machines running the vulnerable version of Firefox.

 

How it works

According to Firefox, the critical zero-day flaw found is a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time (JIT) compiler for SpiderMonkey, Mozilla's JavaScript engine.

A type confusion vulnerability is a bug that can lead to out-of-bounds memory access, which an attacker can exploit to execute code or crash a component. The attack can be carried out by luring a Firefox user with an outdated browser to a web page containing malicious code.

 

Conclusions

This security patch comes a day after Firefox 72.0 was released with fixes for another 11 security vulnerabilities. Of the five high-severity vulnerabilities addressed, four could potentially be used by attackers for arbitrary code execution.

Firefox is not a bad browser; it needs some sanitization. In this version, they are offering fingerprinting protection. Fingerprinting allows companies to track users for months, even after users clear their browser storage or use private browsing mode. Also, last year they launched a feature called Enhanced Tracking Protection (ETP), which gives you more privacy by blocking certain cookies that track your browsing.

 

Advice

Firefox installs updates automatically by default when they are available; the update should be applied after a restart. However, it is better to be safe and always check manually for the update by going to Menu > Help > About Mozilla Firefox.
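
For more than a handful of machines, the same check can be scripted. The following is an added example, not Mozilla's tooling or part of the original post: it assumes you have collected version strings in the form printed by `firefox --version` (for example `Mozilla Firefox 68.4.0esr`), and the hostnames and function names are made up for illustration.

```python
import re

# Fixed versions named in this post, per release channel.
FIXED = {"release": (72, 0, 1), "esr": (68, 4, 1)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.IGNORECASE)


def parse_firefox_version(text):
    """Return (channel, (major, minor, patch)) or None if no version is found."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    channel = "esr" if m.group(4) else "release"
    return channel, (major, minor, patch)


def needs_update(text, force_esr=False):
    """True if older than the fixed build on its channel; None if unparseable."""
    parsed = parse_firefox_version(text)
    if parsed is None:
        return None
    channel, version = parsed
    if force_esr:  # inventory tools sometimes drop the "esr" suffix
        channel = "esr"
    return version < FIXED[channel]


def audit(inventory):
    """Map host -> 'update', 'ok' or 'unknown' for a {host: version string} dict."""
    labels = {True: "update", False: "ok", None: "unknown"}
    return {host: labels[needs_update(v)] for host, v in inventory.items()}


# Constructed sample inventory (hostnames and values are made up).
SAMPLE = {
    "ws-01": "Mozilla Firefox 72.0",
    "ws-02": "Mozilla Firefox 72.0.1",
    "ws-03": "Mozilla Firefox 68.4.0esr",
    "ws-04": "Mozilla Firefox 68.4.1esr",
    "ws-05": "firefox: command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` (no parseable version, or a pre-release build string) should be checked by hand rather than assumed to be patched.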

Do yourself a favor and install behavior analytics. Try ours for free!
