Mozilla Firefox and Citrix Vulnerabilities | Firefox Releases Patch
Firefox and Citrix under attack

News highlights:

  1. Critical type-confusion vulnerability in the Mozilla Firefox browser exploited in the wild
  2. The vulnerability is in the ‘IonMonkey’ JavaScript JIT compiler and is caused by incorrect alias information
  3. Mozilla releases a patch in the latest Firefox versions; users are advised to update ASAP
  4. Citrix vulnerability in Application Device Controller and Citrix Gateway is close to exploitation
  5. Researchers spotted attackers trying to scan for weak targets and working on an exploit
  6. Citrix has not released a patch yet, users advised to look out for attacks

Details about the Firefox attacks

It is a wild world for exploring the net out there. Netizens have to be extra careful with what software they are using. Even the biggest of technology companies have to suffer attacks by hackers hiding in the wild.

Recently, Mozilla Firefox has released patches for a critical vulnerability that has apparently been exploited by attackers.

Meanwhile, an earlier Citrix flaw, which is also critical and remains unpatched to date, has also become a target of bad actors.

Mozilla Firefox is being attacked in the wild by hackers who are taking advantage of a type-confusion vulnerability. It has been classified as a critical bug of the highest priority by Bugzilla.

SpiderMonkey is Mozilla’s JavaScript engine, which is used in products like Firefox. The vulnerability resides in IonMonkey, the JavaScript Just-In-Time (JIT) compiler that SpiderMonkey uses.

This flaw occurs when incorrect alias information is used in IonMonkey to set array elements that contain similar data types.

It has been assigned CVE-2019-17026, but more information about it is still awaited. Mozilla has previously fixed other type-confusion vulnerabilities as well.

“IonMonkey incorrectly predicts return type of Array.prototype.pop, leading to type confusions,” says Bugzilla regarding a similar bug that was patched last year.


Exploitation of Firefox vulnerabilities 

Exploiting this type-confusion vulnerability could lead to arbitrary remote code execution or even crashing of machines.

The flaw was initially tracked by Qihoo 360 ATA researchers. An attacker can trigger it by luring a user to a malicious web page, where the malicious code is then executed.

According to reports, there have been targeted attacks in the wild that exploit this vulnerability. Mozilla has responded with a patch in Firefox 72.0.1 and Firefox ESR (Extended Support Release) 68.4.1.
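The following added example (not code from Mozilla or from this article's author) checks collected `firefox --version` strings against the two fixed versions named above. It assumes ESR builds report an `esr` suffix in that output; the host names and inventory are constructed sample data.

```python
import re

# Fixed versions named in the article for CVE-2019-17026.
FIXED = {"release": (72, 0, 1), "esr": (68, 4, 1)}

# Matches "72.0.1", "71.0" or "68.4.1esr"; beta strings such as "72.0b5"
# do not match and are reported as unknown for manual review.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?\b", re.IGNORECASE)


def parse_firefox_version(text):
    """Return (channel, (major, minor, patch)) from `firefox --version` output."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Firefox version found in {text!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    channel = "esr" if m.group(4) else "release"
    return channel, version


def needs_update(text):
    """True if the reported build is older than the fix for its channel."""
    channel, version = parse_firefox_version(text)
    return version < FIXED[channel]


def audit(inventory):
    """Map each host to 'patched', 'update' or 'unknown'."""
    report = {}
    for host, text in inventory.items():
        try:
            report[host] = "update" if needs_update(text) else "patched"
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed sample inventory (hypothetical hosts, not real data).
INVENTORY = {
    "ws-01": "Mozilla Firefox 72.0.1",
    "ws-02": "Mozilla Firefox 71.0",
    "ws-03": "Mozilla Firefox 68.4.1esr",
    "ws-04": "Mozilla Firefox 68.3.0esr",
    "ws-05": "Mozilla Firefox 68.4.1",  # release channel, so compared to 72.0.1
    "ws-06": "firefox: command not found",
}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

A release-channel build numbered 68.4.1 is flagged for update because only the ESR build of that number carries the fix.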

The affected software versions are:

  • Firefox ESR < 60.7.1
  • Firefox < 67.0.3
  • Thunderbird < 60.7.2

The flaw impacts Mozilla software on all operating systems, including Windows, Linux and macOS.

What are the Citrix attacks?

Remember the Citrix vulnerability we had informed you about just a few days back? It was a critical remote code execution flaw that affected Citrix Application Device Controller and Citrix Gateway.

Around 80,000 companies using the Citrix software were at risk while the patch was still a work in progress. It turns out that attackers are trying their best to break into the vulnerable systems.

Researchers have found through their honeypots (used to detect cyber attacks) that attackers are actively scanning for vulnerable targets and might be close to exploiting the bug.


If you use any of this software, we suggest that you update it now, or check whether there has been any attempt at unauthorised access by anyone.

In such a case, consult a cyber security specialist and work out a quick solution before things get out of hand.

We also encourage everyone to stay subscribed to automatic updates for all software, as they contain important emergency bug fixes most of the time.

What do you think about this news? Let us know in the comments section below. Share these critical security alerts with your friends and colleagues.

Stay tuned, stay safe.


©2020 Tech Brewery. All Rights Reserved. Website By Amagraphs.
