The weakness was actively exploited.
Mozilla has released an urgent Firefox update after discovering a serious security issue that could allow attackers to take control of users' computers.
The issue affects desktop versions of the browser, including Firefox ESR, which is intended for system administrators who control desktop environments in schools, offices, government agencies, and other organizations.
Mozilla has not given precise details of how the vulnerability has been exploited, but has attributed the discovery of the problem to Chinese Internet security company Qihoo 360.
As Ars Technica explains, CVE-2019-17026 is a type of vulnerability that could cause data to be written to or read from areas that are normally out of bounds. This could allow an attacker to execute malicious code or crash the browser.
"Incorrect alias information in the IonMonkey JIT compiler for setting array elements could lead to type confusion," explained Mozilla on his safety information page. "We know of targeted attacks that abuse this vulnerability."
Update your browser
The vulnerability (indexed as CVE-2019-17026) was patched with the Firefox 72.0.1 update. This should be installed automatically the next time the browser is restarted.
You can find out which version you are currently running and force an update manually by entering about: preferences # general in the address bar, scrolling down to 'Firefox updates' and clicking 'Restart to update Firefox' if the Option is available.
Mozilla has released an urgent Firefox update after discovering a serious security issue that could allow attackers to take control of users' computers.
The issue affects desktop versions of the browser, including Firefox ESR, which is intended for system administrators who control desktop environments in schools, offices, government agencies, and other organizations.
Mozilla has not given precise details of how the vulnerability has been exploited, but has attributed the discovery of the problem to Chinese Internet security company Qihoo 360.
As Ars Technica explains, CVE-2019-17026 is a type of vulnerability that could cause data to be written to or read from areas that are normally out of bounds. This could allow an attacker to execute malicious code or crash the browser.
"Incorrect alias information in the IonMonkey JIT compiler for setting array elements could lead to type confusion," explained Mozilla on his safety information page. "We know of targeted attacks that abuse this vulnerability."
Update your browser
The vulnerability (indexed as CVE-2019-17026) was patched with the Firefox 72.0.1 update. This should be installed automatically the next time the browser is restarted.
You can find out which version you are currently running and force an update manually by entering about: preferences # general in the address bar, scrolling down to 'Firefox updates' and clicking 'Restart to update Firefox' if the Option is available.
0 Comments:
Post a Comment