firefox-68.4.1 (0day: CVE-2019-17026)
|Reported by:||Douglas R. Reno||Owned by:|
New point version of Firefox ESR.
This is marked as critical as there is a 0-day vulnerability currently being exploited in the wild. Here are the details:
Mozilla Foundation Security Advisory 2020-03 Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1 Announced January 8, 2020 Impact critical Products Firefox, Firefox ESR Fixed in Firefox 72.0.1 Firefox ESR 68.4.1 #CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement Reporter Qihoo 360 ATA Impact critical Description Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. References Bug 1607443
The United States Department of Homeland Security has also issued an advisory through their CISA (Cybersecurity and Infrastructure Security Agency) today.
Mozilla Patches Critical Vulnerability Original release date: January 08, 2020 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.
We should probably get this in ASAP.