Critical Firefox Vuln Used in Targeted Attacks

  /     /     /  
Publicated : 23/11/2024   Category : security


Critical Firefox Vuln Used in Targeted Attacks


Mozilla has released patches for the bug reported by Coinbase.



Mozilla has patched a critical vulnerability under active exploit in the Firefox browser. 
Digital currency exchange Coinbase reported the vulnerability to Mozilla after discovering it in use for targeted attacks. According to the Mozilla advisory, the type confusion vulnerability (
CVE-2019-11707
) can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. 
The researcher who discovered the flaw – Samuel Groß of Google Project Zero and Coinbase Security – 
stated on Twitter
: The bug can be exploited for RCE but would then need a separate sandbox escape. However, most likely it can also be exploited for UXSS which might be enough depending on the attackers goals.
The vulnerability has been fixed in Firefox 67.0.3 and Firefox ESR 60.7.1. Read more 
here
and
here
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Critical Firefox Vuln Used in Targeted Attacks