Firefox issues emergency patch for a zero-day flaw already being exploited in the wild

Humza

What just happened? Browser vulnerabilities are a common occurrence and don't usually pose a serious threat, since regular software updates tend to include security fixes that patch these flaws. The exception is the rare zero-day bug. Mozilla's Firefox, one of the most popular browsers out there, recently issued an update to address a critical zero-day vulnerability that its engineers acknowledge has already been exploited in the wild.

Users running Mozilla's Firefox browser are strongly advised to update to the latest version, 67.0.3, recently released by the Mozilla team to address a zero-day vulnerability that's currently being abused in the wild.

In its security advisory, the company rates the bug's impact as critical. "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop," Mozilla writes in the post. "This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw."

The discovery of the bug is credited to security researcher Samuel Groß of Google Project Zero and the Coinbase Security team. It's assumed that the vulnerability is being exploited to attack cryptocurrency owners, considering where the bug report originated. Hype around cryptocurrency has risen these past few days, with Facebook officially announcing its own entry this week.

Updating Firefox is pretty straightforward. You can download the latest version here, though the browser is set to automatically update by default.

You can also check manually by typing "Update" in the search bar and pressing the "Restart to update Firefox" button, or by using the Menu bar at the top and going to Help > About Firefox to trigger an update.
