Mozilla 72 and Bug Fixing At the Beginning of Year

Mozilla and Bug Fixing

Mozilla fixes high-severity bugs in its latest releases – Firefox 72 and Firefox ESR 68.4 while rolling out a major privacy feature.

Mozilla’s latest browser versions include Firefox 72.0.1 and Firefox ESR 68.4.1. Firefox ESR is the Extended Support Release version designed for mass deployments. In this latest Firefox update, Mozilla has fixed a critical vulnerability that was actively being exploited. In a security bulletin, Mozilla stated that it was aware of targeted attacks exploiting the flaw. A successful attack could allow attackers to abuse the affected systems.

Mozilla announced this update after launching the latest Firefox 72 browser. Firefox 72 was released with new privacy features, together with the patched ESR 68.4.1.

Zero-Day Vulnerability

The critical zero-day bug is a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time (JIT) compiler for Mozilla’s JavaScript engine, SpiderMonkey. 

A type confusion vulnerability is a specific bug that can occur when manipulating JavaScript objects, here due to issues in array handling. It can lead to code execution or crashes that an attacker can exploit. To exploit this bug, an attacker can lure a user running an outdated Firefox browser to a web page containing malicious code.

Firefox and ESR Bug Fixes 

Mozilla tackled 5 high-severity flaws, along with 4 moderate bugs and 1 low-risk bug, in Firefox 72. 3 of these high-severity issues were related to memory corruption. These flaws included:

  1. CVE-2019-17015: memory corruption in the parent process during new content process initialization on Windows. Attackers may exploit this security hole, which exists only on Windows systems.
  2. CVE-2019-17017: a type confusion vulnerability in XPCVariant.cpp. An attacker can gain remote access to execute arbitrary code on the target system.

Protection from Browser Fingerprinting

Fingerprinting protection is one of the major browser enhancements: Firefox now includes built-in protection against websites and advertisers that track users across multiple websites. Fingerprinting identifies visitors based on browser settings, including dozens of invisible variables such as browser versions, fonts, SVG widgets, and WebGL. The latest version of Firefox protects users against fingerprinting by blocking all third-party requests to firms that are involved in fingerprinting. This technique prevents third parties from inspecting the properties of a user’s device using JavaScript. It also prevents attackers from receiving information that is revealed through network requests.
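
The blocking rule described above, sketched as an added example (this is not Mozilla's code): a request is blocked only when it is third-party and its host is on a list of fingerprinting firms. The listed domains and sample URLs are constructed placeholders, and the two-label site comparison is a simplifying assumption where a browser would use the Public Suffix List.

```javascript
// Added example: blocklist-based blocking of third-party fingerprinting requests.
// The domains below are constructed placeholders, not a real tracker list.
const FINGERPRINTER_DOMAINS = new Set(["fp-vendor.example", "metrics.tracker.test"]);

// Simplified site key: last two host labels. A real browser uses the
// Public Suffix List (eTLD+1); this shortcut is an assumption of the example.
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// True when the request goes to a different site than the page that made it.
function isThirdParty(pageUrl, requestUrl) {
  return siteOf(new URL(pageUrl).hostname) !== siteOf(new URL(requestUrl).hostname);
}

// True when the host equals a listed domain or is a subdomain of one.
function isListed(hostname, list = FINGERPRINTER_DOMAINS) {
  const labels = hostname.toLowerCase().split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (list.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Decision for one request: block only third-party loads from listed domains,
// so a listed firm's own site still works when visited directly.
function decide(pageUrl, requestUrl) {
  let host;
  try {
    host = new URL(requestUrl).hostname;
  } catch {
    return "allow"; // not an absolute URL; nothing to match against the list
  }
  if (!isThirdParty(pageUrl, requestUrl)) return "allow";
  return isListed(host) ? "block" : "allow";
}

// Constructed sample requests made by a page on news.example.org
const page = "https://news.example.org/article";
const samples = [
  "https://cdn.fp-vendor.example/fp.js",
  "https://static.example.org/app.js",
  "https://fonts.cdn.test/font.woff2",
];
for (const url of samples) console.log(decide(page, url), url);
```

Because the script from a listed domain is never fetched, it cannot run in the page to read device properties, and the request that would reveal network-level information is never sent.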