Firefox users, beware. Mozilla has released critical updates for the browser meant to address a vulnerability that's being used in a variety of targeted attacks.
“On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign,” sad Selena Deckelmann, senior director of Firefox Browser Engineering, in a statement to Threatpost. “In less than 24 hours, we released a fix for the exploit.”
I don't have any insights into the active exploitation part. I found and then reported the bug on April 15. The first public fix then landed about a week ago (sec fixes are held back until close to the next release): https://t.co/O34f9dou3E https://t.co/K6GfZN1XkH— Samuel Groß (@5aelo) June 19, 2019
According to Mozilla, the issue has been resolved in versions Firefox 67.0.3 and Firefox ESR 60.7.1. Unfortunately, anyone continuing to use Firefox on a PC via Windows, macOS, or Linux would be affected by the vulnerability. It was originally found by Samuel Groß of Google Project Zero and the Coinbase Security team, and further disseminated in a Twitter thread. The vulnerability was first reported on April 15 and the first public fix was then sent out "about a week ago."
There aren't any details about the flaw's exploits floating around in the wild to pore over, and Mozilla didn't immediately respond to Threatpost's request for comment on the matter. However, it seems that since the flaw has been resolved, it's not so much a critical problem anymore, but it's still worth making sure you've been upgraded to the latest version of Firefox and aren't using any outdated browsers that could potentially put you at risk. It's always a good idea to stay up to date on things like these, even if there aren't any immediate risks involved.
Thanks to jcupitt for bringing this to our attention with his Chatty thread.
Brittany Vincent posted a new article, Mozilla Firefox 67.0.3 update patches Zero Day security flaw
That's a great news. Security is an important issue today. Personally I always use VPN from Veepn.com to protect my privacy. It has unlimited traffic and high level of security. I pay only $1.67