{"id":17394,"date":"2020-01-09T12:30:10","date_gmt":"2020-01-09T20:30:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/01\/09\/news-11130\/"},"modified":"2020-01-09T12:30:10","modified_gmt":"2020-01-09T20:30:10","slug":"news-11130","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/01\/09\/news-11130\/","title":{"rendered":"Mozilla patches Firefox zero-day as attackers exploit flaw"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/article\/2016\/05\/pcw-firefox-primary-100662826-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Gregg Keizer| Date: Thu, 09 Jan 2020 11:46:00 -0800<\/strong><\/p>\n<p>Just <a href=\"https:\/\/www.computerworld.com\/article\/3251749\/whats-in-the-latest-firefox-update-firefox-72-nixes-fingerprinting-obnoxious-notification-appeals.html\">one day after releasing Firefox 72<\/a>, Mozilla updated the browser with a fix to shut down active attacks, the company acknowledged.<\/p>\n<p>On Wednesday, Mozilla issued Firefox 72.0.1, which included one change: A patch for the vulnerability identified as <i>CVE-2019-17026<\/i>. &#8220;We are aware of targeted attacks in the wild abusing this flaw,&#8221; Mozilla said in the <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2020-03\/\" rel=\"noopener nofollow\" target=\"_blank\">short description of the flaw<\/a>, signaling that criminals were already leveraging the zero-day vulnerability, the term applied because no time elapses between patching and exploitation.<\/p>\n<p>Mozilla credited Qihoo 360, a Chinese developer of anti-virus and other security software, for reporting the bug. 
Qihoo also created and manages the 360 Secure Browser, which relies on Google&#8217;s rendering and JavaScript engines, as do Chrome and Microsoft Edge.<\/p>\n<p>The Firefox flaw was characterized as a <i>type confusion<\/i> bug in the IonMonkey JavaScript JIT (Just-in-Time) compiler of SpiderMonkey, the browser&#8217;s JavaScript engine.<\/p>\n<p>Mozilla rated the vulnerability as &#8220;Critical,&#8221; the most serious rating in its multi-step ranking system. To manually update the browser, users can select <i>Help &gt; About Firefox<\/i> on Windows or <i>Firefox &gt; About Firefox<\/i> on macOS. The resulting page shows that the browser is either up to date or describes the refresh process.<\/p>\n<p>Wednesday&#8217;s update was the first aimed at a zero-day vulnerability in Firefox <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2019-18\/\" rel=\"noopener nofollow\" target=\"_blank\">since June<\/a>, when Mozilla patched another critical type confusion flaw.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3513362\/mozilla-patches-firefox-zero-day-as-attackers-exploit-flaw.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/article\/2016\/05\/pcw-firefox-primary-100662826-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Gregg Keizer| Date: Thu, 09 Jan 2020 11:46:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Just <a href=\"https:\/\/www.computerworld.com\/article\/3251749\/whats-in-the-latest-firefox-update-firefox-72-nixes-fingerprinting-obnoxious-notification-appeals.html\">one day after releasing Firefox 72<\/a>, Mozilla updated the browser with a fix to shut down active attacks, the company acknowledged.<\/p>\n<p>On Wednesday, Mozilla issued Firefox 72.0.1, which included one change: A patch for the vulnerability identified 
as <i>CVE-2019-17026<\/i>. &#8220;We are aware of targeted attacks in the wild abusing this flaw,&#8221; Mozilla said in the <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/advisories\/mfsa2020-03\/\" rel=\"noopener nofollow\" target=\"_blank\">short description of the flaw<\/a>, signaling that criminals were already leveraging the zero-day vulnerability, the term applied because no time elapses between patching and exploitation.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3513362\/mozilla-patches-firefox-zero-day-as-attackers-exploit-flaw.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[12014,714],"class_list":["post-17394","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-browsers","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17394"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17394\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories
?post=17394"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}