Mozilla Discloses Serious Firefox Security Exploit, Update Your Browser Now
You may have only recently updated your Firefox browser to build 67.0, but guess what? You should mash the update button once gain. The latest version, build 67.0.3, contains a fix for a major security vulnerability that is being actively exploited in the wild, according to Mozilla. Leaving Firefox unpatched is not a good idea.
Listed as "CVE-2019-11707: Type confusion in Array.pop," Mozilla considers the vulnerability to be a critical one. It was discovered by a member of Google's Project Zero team and Coinbase Security, and promptly addressed with an update.
"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw," Mozilla said.
Put another way, hackers can leverage the bug to install malware on a victim's PC. This is done by manipulating JavaScript code to trick a user into visiting a website that then pushes malicious code onto the target system.
If you use Firefox, you should update right away to the latest release (currently build 67.0.3)
It is fairly rare for Mozilla to issue a zero-day patch, which speaks to the potential severity of this one, and why it is important to update Firefox as soon as possible. You can do that by clicking on the three vertical lines in the upper-right corner and navigating to Help > About Firefox, and then clicking the 'Restart to update Firefox' button.
Alternately, you can download a new installer from Mozilla's Firefox page and use that to update your browser.
