Details
computerworld.com RSS
Hauptkategorie: IT News aus aller Welt
Kategorie: Computer & Internet
Veröffentlicht: Do, 09.01.2020 21:46
Mozilla patches Firefox zero-day as attackers exploit flaw | Computerworld The release of Firefox 72.0.1 came just one day after the newest version of the browser rolled out and foxes a type confusion bug in the IonMonkey JavaScript JIT (Just-in-Time) compiler of SpiderMonkey. IDG "); }); try { $("div.lazyload_blox_ad").lazyLoadAd({ threshold : 0, // You can set threshold on how close to the edge ad should come before it is loaded. Default is 0 (when it is visible). forceLoad : false, // Ad is loaded even if not visible. Default is false. onLoad : false, // Callback function on call ad loading onComplete : false, // Callback function when load is loaded timeout : 1500, // Timeout ad load debug : false, // For debug use : draw colors border depends on load status xray : false // For debug use : display a complete page view with ad placements }) ; } catch (exception){ console.log("error loading lazyload_ad " + exception); } }); Just one day after releasing Firefox 72, Mozilla updated the browser with a fix to shut down active attacks, the company acknowledged.On Wednesday, Mozilla issued Firefox 72.0.1, which included one change: A patch for the vulnerability identified as CVE-2019-17026. "We are aware of targeted attacks in the wild abusing this flaw," Mozilla said in the short description of the flaw, signaling that criminals were already leveraging the zero-day vulnerability, the term applied because there no time elapses between patching and exploitation.Mozilla credited Qihoo 360, a Chinese developer of anti-virus and other security software, for reporting the bug. Qihoo also created and manages the 360 Secure Browser, which relies on Google's rendering and JavaScript engines, as does Chrome and Microsoft Edge.The Firefox flaw was characterized as a type confusion bug in the IonMonkey JavaScript JIT (Just-in-Time) compiler of SpiderMonkey, the browser's JavaScript engine.Mozilla rated the vulnerability as "Critical," the most serious rating in its multi-step ranking system. To manually update the browser, users can select Help > About Firefox on Windows or Firefox > About Firefox on macOS. The resulting page shows that the browser is either up to date or describes the refresh process.Wednesday's update was the first aimed at a zero-day vulnerability in Firefox since June, when Mozilla patched another critical type confusion flaw. Senior Reporter Gregg Keizer covers Windows, Office, Apple/enterprise, web browsers and web apps for Computerworld. Copyright © 2020 IDG Communications, Inc. Computerworld The Voice of Business Technology Follow us Copyright © 2020 IDG Communications, Inc.Explore the IDG Network descend
Erstellt: Do, 09.01.2020 21:46
aktualisiert: Sa, 11.01.2020 17:41
Mozilla patches Firefox zero-day as attackers exploit flaw | Computerworld The release of Firefox 72.0.1 came just one day after the newest version of the browser rolled out and foxes a type confusion bug in the IonMonkey JavaScript JIT (Just-in-Time) compiler of SpiderMonkey. IDG "); }); try { $("div.lazyload_blox_ad").lazyLoadAd({ threshold : 0, // You can set threshold on how close to the edge ad should come before it is loaded. Default is 0 (when it is visible). forceLoad : false, // Ad is loaded even if not visible. Default is false. onLoad : false, // Callback function on call ad loading onComplete : false, // Callback function when load is loaded timeout : 1500, // Timeout ad load debug : false, // For debug use : draw colors border depends on load status xray : false // For debug use : display a complete page view with ad placements }) ; } catch (exception){ console.log("error loading lazyload_ad " + exception); } }); Just one day after releasing Firefox 72, Mozilla updated the browser with a fix to shut down active attacks, the company acknowledged.On Wednesday, Mozilla issued Firefox 72.0.1, which included one change: A patch for the vulnerability identified as CVE-2019-17026. "We are aware of targeted attacks in the wild abusing this flaw," Mozilla said in the short description of the flaw, signaling that criminals were already leveraging the zero-day vulnerability, the term applied because there no time elapses between patching and exploitation.Mozilla credited Qihoo 360, a Chinese developer of anti-virus and other security software, for reporting the bug. Qihoo also created and manages the 360 Secure Browser, which relies on Google's rendering and JavaScript engines, as does Chrome and Microsoft Edge.The Firefox flaw was characterized as a type confusion bug in the IonMonkey JavaScript JIT (Just-in-Time) compiler of SpiderMonkey, the browser's JavaScript engine.Mozilla rated the vulnerability as "Critical," the most serious rating in its multi-step ranking system. To manually update the browser, users can select Help > About Firefox on Windows or Firefox > About Firefox on macOS. The resulting page shows that the browser is either up to date or describes the refresh process.Wednesday's update was the first aimed at a zero-day vulnerability in Firefox since June, when Mozilla patched another critical type confusion flaw. Senior Reporter Gregg Keizer covers Windows, Office, Apple/enterprise, web browsers and web apps for Computerworld. Copyright © 2020 IDG Communications, Inc. Computerworld The Voice of Business Technology Follow us Copyright © 2020 IDG Communications, Inc.Explore the IDG Network descend