Mozilla has patched a Firefox zero-day vulnerability (CVE-2019-17026) that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update their installations as soon as possible.
About CVE-2019-17026
A day after Mozilla released Firefox 72 – which blocks fingerprinting scripts by default for all users, replaces annoying notification request pop-ups from various sites with a speech bubble in the address bar, and fixes a number of security issues – the corporation pushed out Firefox 72.0.1 (and Firefox ESR 68.4.1) with a fix for CVE-2019-17026, a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time (JIT) compiler for Mozilla’s JavaScript engine (SpiderMonkey).
