A critical zero-day vulnerability has been discovered in Mozilla Firefox. Also known as CVE-2019-11707, the issue is a Type Confusion vulnerability due to issues in Array.pop which can happen when someone manipulates JavaScript objects.
According to the Mozilla Foundation Security Advisory, A cybersecurity researcher at Google and the Coinbase Security Team discovered the Firefox zero-day vulnerability which allows attackers to remotely execute arbitrary code on devices that run Firefox. This gives the attackers access and control over the infected devices. It’s advisable to scan your IT inventory and update all the assets in your network.
We recommend installing the latest patch from Mozilla, Firefox 67.0.3 or Firefox ESR 60.7.1, which contains a fix for the security vulnerability. Firefox zero-days are uncommon (the last security issue was in December 2016). Don’t forget to update Google Chrome for Zero Day exploits as well.
Audit Your IT Environment in a Few Seconds to See All Devices at Risk
This custom color-coded vulnerability report tells you in no time which devices run Mozilla Firefox versions and which workstations need patching. If you haven’t already, start your free Lansweeper trial and get a list of all machines in your network that might be vulnerable to the Mozilla Firefox exploit and start taking action.