Project

General

Profile

Bug #2595

Updated by bill-auger about 4 years ago

Zero-day report (CVE-2019-17026) for Firefox 72 and below

On Thursday, January 9th, Mozilla reported a bug that has been classified as "CVE-2019-17026":https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17026, which "has been applied into the release and ESR branches":https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ of Firefox. The versions of Firefox that has been applied this zero-day patches are:

#Release branch:
##72.0.1

#ESR branch:
##62.4.1

The bug details a failure of SpiderMonkey that makes it vulnerable to attacks.

Anyway, please update Iceweasel ASAP (if could be possible, also in 32-bit and ARMv7 builds, too).

Thanks.

Back