Following the discovery of a zero-day vulnerability in its browser, Mozilla is urging Firefox users to immediately update to the latest version of its desktop app − that includes Firefox ESR, which is intended for use by system administrators who control desktop environments in schools, offices, governments and other organizations.
The bug, which is described as a 'type confusion vulnerability', has been given an impact level of 'critical', as it allows outside users to remotely execute code on your machine without your permission.
- Mozilla launches new desktop password manager, Firefox Lockwise
- Mozilla could be about to change the VPN and privacy market foreve
- The best Mozilla Firefox VPN 2019
Make yourself invulnerable
"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash," says Mozilla on its security advisory page.
Worryingly, the corporation also notes that there have already been instances of "targeted attacks in the wild abusing this flaw," which means you really should update to the fixed versions (Firefox 67.0.3 and Firefox ESR 60.7.1) as soon as possible.
Thankfully, Mozilla has the ability to deploy patches and security updates automatically, meaning that in theory you should only have to restart Firefox in order to receive the fixed version.
Recently, Mozilla also rolled out new security tools for its Firefox browser which are intended to prevent two other pernicious security and privacy issues − fingerprinting and cryptojacking.
[Source: The Register]
