pinit_fg_en_rect_red_20 GEN - Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks
mozilla firefox update patch
If you use the Firefox web browser, you need to update it right now.

Mozilla earlier today released Firefox 67.0.3 and Firefox

ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild.

Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions and take full control of them.


The vulnerability, identified as CVE-2019-11707, affects anyone who uses Firefox on desktop (Windows, macOS, and Linux) — whereas, Firefox for Android, iOS, and Amazon Fire TV are not affected.

According to an advisory, the flaw has been labeled as a type confusion vulnerability in Firefox that can result in an exploitable crash due to issues in Array.pop which can occur when manipulating JavaScript objects.

At the time of writing, neither the researcher nor Mozilla has yet released any further technical details or proof-of-concept for this flaw.

Through Firefox automatically installs latest updates and activate new version after a restart, users are still advised to ensure they are running the latest Firefox 67.0.3 and Firefox (Extended Support Release) 60.7.1 or later.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.