Mozilla Fixes Active Zero-Day Vulnerability in Firefox

Firefox Quantum shutterstock website

Mozilla has rolled out an update to its Firefox web browser to address a critical zero-day vulnerability that is reportedly being used for targeted attacks in the wild. While the company didn’t reveal too many details about the flaw, it did say that it was a ‘type confusion’ error in the IonMonkey just-in-time (JIT) compiler for the browser’s SpiderMonkey JavaScript engine.

The update is being pushed out through the stable channel for both Firefox and Firefox ESR as versions 72.0.1 and 68.4.1, respectively. The vulnerability affects Firefox on all desktop platforms, including Windows, macOS and Linux, so if you’re using the browser on your computer, you should immediately install the latest patched versions by going over to the ‘hamburger menu’ (three horizontal lines) on the top-right corner and clicking on Help > About Firefox > Check for Updates.

The vulnerability (CVE-2019-17026), which was originally reported to Mozilla by researchers at Chinese security software firm, Qihoo 360 ATA, could apparently be used by hackers to surreptitiously take control of a compromised system, according to a warning issued by the US Cybersecurity and Infrastructure Security Agency (CISA), which is advising users to immediately install the patched version of the browser on their computers.

As pointed out by Bleeping Computer, the latest security patch comes just a day after Firefox 72.0 was released with fixes for 11 security vulnerabilities, with as many as five of them being classified as ‘High’ by Mozilla. However, this particular one is of massive concern, given that it is already being exploited in the wild, so it would be for the best if you updated your browser right now.

VIA BleepingComputer
SOURCE Mozilla
comment Comments 0
Leave a Reply