Published on: 08 January 2020
Last update on: 09 January 2020
Mozilla has published two security advisories (MFSA 2020-01 and MFSA 2020-02) to address multiple browser vulnerabilities. A remote attacker could entice a user running a vulnerable browser to open a web page with specially crafted content to exploit the vulnerabilities.
Mozilla has released Firefox 72.0.1 and Firefox ESR 68.4.1 to address another security vulnerability (CVE-2019-17026) in the Firefox's JavaScript Engine. Reports indicate that active exploitation against the vulnerability has been observed. Successful exploitation of the vulnerability could lead to arbitrary code execution or application crash on an affected system. Users are advised to upgrade the affected systems as soon as possible to mitigate the elevated risk of cyber attacks.
Successful exploitation of the vulnerabilities could lead to information disclosure, arbitrary code execution, security restrictions bypass, or application crash on an affected system.
Mozilla has released new versions of the product to address the issues and they can be downloaded at the following URLs:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
https://www.hkcert.org/my_url/en/alert/20010801
https://www.us-cert.gov/ncas/current-activity/2020/01/08/mozilla-patches-critical-vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17015 (to CVE-2019-17025)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17026