Lucene search

K
avleonovAlexander LeonovAVLEONOV:E4282EE7F282C86320DF8912B47DF172
HistoryJan 12, 2020 - 2:06 a.m.

0day RCE in Firefox

2020-01-1202:06:26
Alexander Leonov
feedproxy.google.com
188

0.534 Medium

EPSS

Percentile

97.6%

This seems like a pretty interesting vulnerability CVE-2019-17026 in Firefox (and Thunderbird) in Windows, MacOS and Linux.

A pretty interesting vulnerability in  Firefox  and Thunderbird

"Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw".

US-cert informs us that “an attacker could exploit this vulnerability to take control of an affected system”. Yep, it’s RCE.

On the one hand, it’s not a big deal, because Firefox will ask you to update it after the next launch.

Firefox will ask you to update it after the next launch

But if somewhere in your organization the old version of Firefox is used because it is the only version that is supported by some legacy application or plugin, you are in hell. Of course, this old browser may be only installed somewhere and not used, but still try to monitor this and take care. Especially if you use some custom Firefox-based build.