Mozilla has released updates for the Firefox browser addressing a critical vulnerability that is being actively exploited in targeted attacks.
The critical flaw (CVE-2019-11707) is a type confusion vulnerability in the Array.pop, which is an array method that is used in JavaScript objects in Firefox. The vulnerability, under active attack, enables bad actors to take full control of systems running the vulnerable Firefox versions.
“On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign,” Selena Deckelmann, senior director of Firefox Browser Engineering, told Threatpost.
