Quick reminder that we're still updating the "0day detected in-the-wild" spreadsheet here: https://googleprojectzero.blogspot.com/p/0day.html . The first entry for 2020 is now in the books -- CVE-2019-17026 is a type confusion issue in the JIT engine for Firefox, detected in active attacks by Qihoo 360 ATA.
For Firefox, you can update the "Analysis URL" column and point them to the Bugzilla URLs which are linked from the individual advisories. We prefer to keep the details private for a few months after release, but they usually become public at some point.
•
•
•