SECURITY ALERTS

A Vulnerability (CVE-2019-17026) in Firefox Could Allow for Arbitrary Code Execution

DESCRIPTION:

Firefox contains a type confusion vulnerability (CVE-2019-17026) in IonMonkey, the JavaScript Just-In-Time (JIT) compiler for SpiderMonkey, Mozilla’s JavaScript engine. This vulnerability exists in the JIT compiler due to “incorrect alias information for setting array elements.” A remote attacker could exploit the flaw by tricking an unsuspecting user into clicking a malicious link. In the case of a successful exploit, the attacker could execute arbitrary actions.

 

AFFECTED RELEASES:

Firefox versions prior to 72.0.1.

Firefox ESR versions prior to 68.4.1.

 

SOLUTION:

1. Please confirm the current version by clicking the "Firefox Menu button" at the top right corner of the browser window, then click "Help" and select "About Firefox." The About Firefox window will appear. The version number is listed underneath the Firefox name.

2. For the update, please follow the steps below:

(1) Click the "Firefox Menu button," click "Help" and then select "About Firefox." Firefox will begin checking for updates and downloading them automatically.

(2) When the download is complete, click the "Restart" option to restart Firefox and complete the update. 
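For checking many machines at once, the version comparison in step 1 can be scripted. The following is an added example, not part of the original advisory; it assumes version strings in the form printed by `firefox --version`, with ESR builds carrying an `esr` suffix, and the sample inventory is constructed.

```python
import re

# Fixed versions taken from the advisory's AFFECTED RELEASES section.
FIXED_RELEASE = (72, 0, 1)
FIXED_ESR = (68, 4, 1)

# Assumed input format: "Mozilla Firefox 72.0.1" or "Mozilla Firefox 68.4.1esr".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if unparseable."""
    m = _VERSION_RE.search(text.strip())
    if not m:
        return None
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), bool(esr)


def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, is_esr = parsed
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    return "vulnerable" if version < fixed else "patched"


def audit(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ws-01": "Mozilla Firefox 72.0.1",
    "ws-02": "Mozilla Firefox 72.0",
    "ws-03": "Mozilla Firefox 68.4.1esr",
    "ws-04": "Mozilla Firefox 68.4.0esr",
    "ws-05": "Mozilla Firefox 71.0",
    "ws-06": "firefox: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" (pre-release version strings, missing binaries) need a manual check using step 1.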

 

REFERENCE:

1. https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/

2. https://thehackernews.com/2020/01/firefox-cyberattack.html
