On Tuesday, Oracle announced it had patched a major remote code execution vulnerability affecting specific versions of WebLogic Server.

The flaw bypasses the fix for a previously patched WebLogic vulnerability, and researchers say it is being actively exploited in attacks. The company credits a member of Knownsec’s 404 Team for reporting the new deserialization flaw, along with nine other security researchers.

Tracked as CVE-2019-2729, the flaw is a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services.

Results from the ZoomEye search engine show almost 42,000 instances of Oracle’s WebLogic Server deployed in 2019. A similar search on Shodan shows slightly over 2,300 servers reachable online, with both engines agreeing that these servers are mostly located in the U.S. and China.

At the same time, Mozilla said it had released Firefox 67.0.3 and Firefox ESR 60.7.1 to fix a critical flaw that could let attackers remotely execute arbitrary code on machines running vulnerable Firefox versions.

Mozilla’s security advisory says the Firefox developers are “aware of targeted attacks in the wild abusing this flaw”, which could enable attackers who exploit the vulnerability to take control of affected systems.

Attackers could trigger the type confusion by luring users of unpatched Firefox versions to a maliciously crafted web page and then execute arbitrary code on their systems.

This is not the first Firefox zero-day to get an emergency fix: back in 2016, Mozilla patched another one with the release of Firefox 50.0.2 and 45.5.1 ESR, while the Tor Project issued Tor Browser 6.0.7 to fix the same problem.
