Mozilla has warned Firefox users to update their browsers after a zero-day flaw was discovered by Samuel Groß, a member of Google’s Project Zero security division.
Mozilla has issued an emergency patch that fixes the vulnerability, so update if you aren’t on Firefox version 67.0.3 (mobile users) or Firefox ESR 60.7.1 (for desktop users). Mozilla considers the impact of the vulnerability to be “critical” and states the following:
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.
Update now
In the above statement, Mozilla has admitted to targeted attacks exploiting the flaw, so make sure you’re on the latest version of the browser by restarting it, which applies the update automatically.
To be safe, you can also update manually:
- On the menu bar click the Firefox menu and select About Firefox.
- The About Firefox window will open. Firefox will begin checking for updates and downloading them automatically.
- When the download is complete, click Restart to update Firefox.