- Critical type-confusion vulnerability in the Mozilla Firefox browser exploited in the wild
- Mozilla releases a patch in the latest Firefox versions, users advised to update ASAP
- Citrix vulnerability in Application Device Controller and Citrix Gateway is close to exploitation
- Researchers spotted attackers trying to scan for weak targets and working on an exploit
- Citrix has not released a patch yet, users advised to look out for attacks
Details about the Firefox attacks
It is a wild world for exploring the net out there. Netizens have to be extra careful with what software they are using. Even the biggest of technology companies have to suffer attacks by hackers hiding in the wild.
Recently, Mozilla released patches for a critical Firefox vulnerability that has apparently been exploited by attackers.
Meanwhile, an earlier Citrix flaw, which is also critical and unfortunately remains unpatched to date, has begun to attract the attention of bad actors.
Mozilla Firefox is being attacked in the wild by hackers who are taking advantage of a type-confusion vulnerability. It has been classified as a critical bug of the highest priority by Bugzilla.
The flaw occurs when IonMonkey, Firefox's JavaScript JIT compiler, uses incorrect alias information for setting array elements, which can lead to a type confusion.
It has been assigned CVE-2019-17026, but more information about it is still awaited. Mozilla has previously fixed other type-confusion vulnerabilities as well.
“IonMonkey incorrectly predicts return type of Array.prototype.pop, leading to type confusions,” says Bugzilla regarding a similar bug that was patched last year.
Exploitation of Firefox vulnerabilities
Exploiting this type-confusion vulnerability could lead to arbitrary remote code execution or even crash the machine.
The flaw was initially tracked by Qihoo 360 ATA researchers. An attacker can trigger it by leading a user to a malicious web page, where the malicious code is then executed.
According to reports, there have been targeted attacks in the wild exploiting this vulnerability. Mozilla has responded with a patch in Firefox 72.0.1 and Firefox ESR (Extended Support Release) 68.4.1.
The affected software versions are:
- Firefox ESR < 60.7.1
- Firefox < 67.0.3
- Thunderbird < 60.7.2
The flaw impacts Mozilla software on all operating systems, including Windows, Linux and macOS.
What are the Citrix attacks?
Remember the Citrix vulnerability we informed you about just a few days back? It was a critical remote code execution flaw that affected Citrix Application Device Controller and Citrix Gateway.
Around 80,000 companies using the Citrix software were at risk while the patch was still a work in progress. It turns out that attackers are trying their best to break into the vulnerable systems.
Researchers have found through their honeypots (used to detect cyber attacks) that attackers are actively scanning for vulnerable targets and might be close to exploiting the bug.
If you use any of this software, we suggest that you update it now, or check whether anyone has attempted unauthorised access.
In such a case, consult a cyber security specialist and work out a quick solution before things get out of hand.
We also encourage everyone to keep automatic updates enabled for all software, as they contain important emergency bug fixes most of the time.
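For anyone looking after more than one machine, the update check above can be scripted. The following is an added example, not code from Mozilla or from the reports cited here: it compares reported Firefox version strings against the fixed versions named in this article (72.0.1 and ESR 68.4.1). The host names and the sample inventory are constructed, and it assumes ESR builds report a trailing "esr" in their version string.

```python
import re

# Fixed versions named in the article for CVE-2019-17026.
PATCHED = {"release": (72, 0, 1), "esr": (68, 4, 1)}

# Assumption: ESR builds report a trailing "esr", e.g. "Mozilla Firefox 68.4.1esr".
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){0,2})(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return (channel, (major, minor, patch)) or raise ValueError."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))          # "72.0" -> (72, 0, 0)
    channel = "esr" if match.group(2) else "release"
    return channel, tuple(parts)


def status(text):
    """Classify one reported version string against the fixed releases."""
    try:
        channel, version = parse_version(text)
    except ValueError:
        return "unknown"                     # surface for manual review
    return "patched" if version >= PATCHED[channel] else "update-needed"


def audit(inventory):
    """Map each host to its status; inventory is {host: version string}."""
    return {host: status(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts), not data from the article.
SAMPLE = {
    "ws-01": "Mozilla Firefox 72.0.1",
    "ws-02": "Mozilla Firefox 72.0",
    "ws-03": "Mozilla Firefox 68.4.1esr",
    "ws-04": "Mozilla Firefox 68.3.0esr",
    "ws-05": "firefox: command not found",
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

A host reported as "unknown" produced no parseable version and should be checked by hand rather than assumed safe.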
Stay tuned, stay safe.