image credit: Z Jason / Flickr

Mozilla plugs critical Firefox zero-day used in targeted attacks

June 19, 2019

A critical Firefox zero-day remote code execution vulnerability is being abused in targeted attacks in the wild, Mozilla has warned on Tuesday.

About the vulnerability (CVE-2019-11707)

Mozilla did not share many details about the flaw – it simply stated that it is a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, and that it can trigger an exploitable crash.

The flaw can be exploited to achieve arbitrary code execution. Depending on the privileges associated with user active at the time of the attack, an attacker could install programs, view, change, or delete data, or create new accounts with full user rights.

Read More on Help Net Security