CVE-2019-17026 : Zero-Day Vulnerability in Mozilla Firefox Exploited in Targeted Attacks
Mozilla releases patch to address Firefox flaw being used as part of targeted attacks.
On January 8, Mozilla Foundation released a security advisory to address a critical zero-day flaw in Mozilla Firefox, which has been exploited in targeted attacks.
The vulnerability was reported to Mozilla by researchers at Qihoo 360 ATA. Mozilla’s advisory states they are “aware of targeted attacks in the wild abusing this flaw.” Based on this note in the advisory, it appears the vulnerability was exploited in the wild as a zero-day. Further information about the exploitation was not available at the time this blog post was published.
- Firefox 72: Mozilla Foundation Security Advisory 2020-01
- Firefox ESR 68.4: Mozilla Foundation Security Advisory 2020-02
Proof of concept
At this time, no proof of concept is available for this vulnerability.
To address CVE-2019-17026, Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1. Because this vulnerability has been exploited in targeted attacks, Firefox users are advised to upgrade as soon as possible.
Identification des systèmes affectés
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
Où trouver plus d'informations
Rejoignez l'équipe SRT de Tenable sur Tenable Community.
Apprenez-en plus sur Tenable, la première plateforme de Cyber Exposure qui vous permet de gérer votre surface d'attaque moderne de manière globale.
Profitez d'un essai gratuit de 30 jours de Tenable.io Vulnerability Management.
Êtes-vous à la merci des derniers exploits ?
Indiquez votre adresse e-mail pour recevoir les dernières alertes de Cyber Exposure.