Threat Watch

Firefox 0-day Being Abused in the Wild

The Mozilla Foundation issued a security advisory for users of its Firefox web browser on January 8th. Originally reported to Mozilla by the security firm Qihoo 360, CVE-2019-17026 involves Firefox’s IonMonkey JavaScript Just-in-Time (JIT) compiler. A JIT compiler is responsible for compiling JavaScript to run inside the browser which can greatly increase performance. According to Mozilla, “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.” The advisory is a brief one for now and offers little detail as to how the flaw is being exploited in the wild or to what extent.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Users of Mozilla Firefox should update immediately to Firefox 72.0.1 or Firefox ESR 68.4.1. This can be done through the browser’s built-in update feature but may need to be run manually, depending on set preferences. Always be mindful of clicking links from untrusted sources. Anti-virus products should be kept up-to-date on workstations and personal devices to help protect against any threats that may arise. EDR (endpoint detection and response) or MDR (managed detection and response) solutions can also help to spot threats before they begin to spread.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/, https://nakedsecurity.sophos.com/2020/01/09/browser-zero-day-update-your-firefox-right-now/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support