A type confusion bug exists in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla thunderbird |
||
mozilla firefox esr |
||
mozilla firefox |
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, Q2 2019 will be remembered for several events. First, we uncovered a large-scale financial threat by the name of Riltok, which targeted clients of not only major Russian banks, but some foreign ones too. Second, we detected the new Trojan.AndroidOS.MobOk malware, tasked with stealing money from mobile accounts through explo...
Patch released after crypto-currency biz sounded alarm
The development and release of a critical Firefox security patch this week was, in part, triggered by an attempted cyber-heist of crypto-coin exchange Coinbase. Coinbase chief information security officer Philip Martin said on Wednesday night the digital-dosh trading site was one of the prime targets of hackers, who tried to exploit a zero-day vulnerability, CVE-2019-11707, a JavaScript type-confusion flaw in Firefox, to execute malicious code on Coinbase staff machines. Coinbase, along with Pro...
Just make sure you're running the latest version
Mozilla has released an emergency critical update for Firefox to squash a zero-day vulnerability that is under active attack. The Firefox 67.0.3 and ESR 60.7.1 builds include a patch for CVE-2019-11707. The vulnerability is a type confusion bug in the way Firefox handles JavaScript objects in Array.pop. By manipulating the object in the array, malicious JavaScript on a webpage could get the ability to remotely execute code without any user interaction. This is a bad thing. What's worse, Mozilla ...