Monday , November 30 2020

Firefox gets patch for critical zeroday that’s being actively exploited – Ars Technica, Ars Technica



Flaw allows attackers to access sensitive memory locations that are normally off-limits.





In an

advisory, Mozilla rated the critical vulnerability and said it was “aware of targeted attacks in the wild abusing this flaw.” The US Cybersecurity and Infrastructure Security Agency

saidone or more exploits were “detected in the wild” and warned that attacks could be exploited to “take control of an affected system.” The Mozilla advisory credited researchers at China-based Qihoo 360 with reporting the flaw.

No other details about the attacks were immediately available. Neither Mozilla nor Qihoo 440 responded immediately to emails asking for more information.

CVE – – 1578535397, as the vulnerability is indexed, is atype confusion, a potentially critical error that can result in data being written to, or read from, memory locations that are normally off-limits. Theseout-of-bounds readsmay allow attackers to discover memory locations where malicious code is stored, so that protections such asaddress space layout randomizationcan be bypassed. Out-of-bounds reads can also cause computers to crash.

The flaw is fixed in Tuesday’s release of Firefox 0.1. The patch came a day after version 125fixed other vulnerabilities, six of which were rated high. Three of those six bugs might make it possible for attackers to run malicious code on affected computers.

The patching of CVE – – comes seven months after Mozillapatched a pair of potent zerodaysthat attackers exploited in an attempt to install an undetected backdoor on Macs used by cryptocurrency exchange Coinbase.


About support_2ab8

Check Also

Alabama vs. Georgia: Prediction, pick, odds, point spread, line, live stream, watch on CBS – CBS Sports, CBS Sports

Alabama vs. Georgia: Prediction, pick, odds, point spread, line, live stream, watch on CBS – CBS Sports, CBS Sports

The biggest game on the 2020 college football slate goes down on Saturday night in Tuscaloosa, Alabama, when No. 2 Alabama will play host to No. 3 Georgia in a rematch of the classic 2018 College Football Playoff National Championship showdown and the 2018 SEC Championship Game. The coaching matchup between the teacher (Crimson Tide…

Leave a Reply

Your email address will not be published. Required fields are marked *