Mozilla urges Firefox users to patch against critical zero-day vulnerability

Adjust Comment Print

Such an attack could happen if vulnerable Firefox users ended up visiting webpages with malicious code hidden behind them.

Users running Mozilla's Firefox browser are strongly advised to update to its latest version 67.0.3, recently released by the Mozilla team to address a zero-day vulnerability that's now being abused in the wild, ZDNet reports.

Mozilla just released a security advisory warning and apparently both the Mozilla's Firefox and Firefox ESR products are affected.

The latest version comes with an emergency patch that addresses a zero-day flaw that is Firefox says is now being exploited to no end by unscrupulous characters.

The recent Firefox's zero-day security flaw was used in attacks against major crypto exchange and wallet service Coinbase, according to a tweet from Coinbase security researcher Philip Martin posted on June 20.

Michel Platini 'detained over awarding of World Cup to Qatar'
Platini won the Ballon d'Or as the world's best soccer player three times, and he's still regarded as one of the all-time greats. The ex-UEFA president said in 2015 he "might have told" U.S. officials he would vote for the United States bid.

The security hole was revealed via Google's Project Zero, and it affects ALL versions of Firefox. The team released the version 67.0.3 of the Firefox browser to address the critical vulnerability.

Mozilla describes the vulnerability as "critical" and it has been labelled CVE-2019-11707.

Mozilla did not share many details about the flaw - it simply stated that it is a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, and that it can trigger an exploitable crash.

Given the latter's reporting, we could speculate that the attacks in the wild may have been aimed at cryptocurrency users, with hackers going after their digital wallets.

Comments