Mozilla Patches Type Confusion Zero-Day in Firefox Used in Targeted Attacks (CVE-2019-11707)

On June 18, the Mozilla Foundation published a security advisory to address a zero-day vulnerability in Mozilla Firefox used in targeted attacks in the wild. Samuel Groß, a researcher from Google Project Zero and Coinbase Security reported the vulnerability to Mozilla.

While details about the vulnerability have been kept sparse, Groß recently tweeted that he reported the vulnerability on April 15 and had no insight into active exploitation, which means that Coinbase Security was likely the ones to discover the attack in the wild.

Mozilla released patches to address this vulnerability on both Firefox and Firefox ESR.

To learn more, please visit our blog.