![]() Read Nextįirefox releases v66.0.4 and 60.6. Mozilla then released an emergency fix in Firefox 50.0.2 and 45.5.1 ESR. The attackers then collected the user data that included their IP addresses, MAC addresses, and hostnames. ![]() Back in 2016, a vulnerability was reported in Firefox that was exploited by attackers to de-anonymize Tor Browser users. This is not the first time when a zero-day vulnerability has been found in Firefox. Or, they can click on the hamburger icon on the upper-right hand corner, type Update into the search box and hit the Restart to update Firefox button to be sure. Users can install the patched Firefox versions by downloading them from Mozilla’s official website. “ The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.” Future official releases Firefox 102.5 ESR Firefox 102.6 ESR Firefox 102.7 ESR Firefox 102.8 ESR Firefox 102.9 ESR Firefox 102.10 ESR Firefox 102.11 ESR. The US Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert informing users and administrators to update Firefox as soon as possible: In general, we can say that type confusion happens when a piece of code fails to verify the object type that is passed to it and blindly uses it without type-checking. Not much information has been disclosed about the vulnerability yet, apart from this short description on the advisory page. We are aware of targeted attacks in the wild abusing this flaw.” It is a type confusion vulnerability tracked as CVE-2019-11707 that occurs “ when manipulating JavaScript objects due to issues in Array.pop. Chocolatey is trusted by businesses to manage software deployments. Chocolatey integrates w/SCCM, Puppet, Chef, etc. This critical zero-day flaw was reported by Samuel Groß, a security researcher with Google Project Zero security team and the Coinbase Security team. Chocolatey is software management automation for Windows that wraps installers, executables, zips, and scripts into compiled packages. So, if you are a Firefox user, it is recommended that you update it right now. Yesterday, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to fix an actively exploited vulnerability that can enable attackers to remotely execute arbitrary code on devices using vulnerable versions.
0 Comments
Leave a Reply. |