Mozilla Firefox 67.0.3 update patches Zero Day security flaw

If you're a faithful Firefox user, you might want to make sure you've gotten this update and you're all ready to go.


Firefox users, beware. Mozilla has released critical updates for the browser meant to address a vulnerability that's being used in a variety of targeted attacks.

The fix is for critical flaw CVE-2019-11707, which has to do with an array method that's used in JavaScript objects within Firefox itself. The vulnerability allows those who wish to do harm to take control of systems still running any versions of Firefox with the exploit unmatched.

“On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign,” sad Selena Deckelmann, senior director of Firefox Browser Engineering, in a statement to Threatpost. “In less than 24 hours, we released a fix for the exploit.”

According to Mozilla, the issue has been resolved in versions Firefox 67.0.3 and Firefox ESR 60.7.1. Unfortunately, anyone continuing to use Firefox on a PC via Windows, macOS, or Linux would be affected by the vulnerability. It was originally found by Samuel Groß of Google Project Zero and the Coinbase Security team, and further disseminated in a Twitter thread. The vulnerability was first reported on April 15 and the first public fix was then sent out "about a week ago."

There aren't any details about the flaw's exploits floating around in the wild to pore over, and Mozilla didn't immediately respond to Threatpost's request for comment on the matter. However, it seems that since the flaw has been resolved, it's not so much a critical problem anymore, but it's still worth making sure you've been upgraded to the latest version of Firefox and aren't using any outdated browsers that could potentially put you at risk. It's always a good idea to stay up to date on things like these, even if there aren't any immediate risks involved.

Thanks to jcupitt for bringing this to our attention with his Chatty thread.

Senior Editor

Fueled by horror, rainbow-sugar-pixel-rushes, and video games, Brittany is a Senior Editor at Shacknews who thrives on surrealism and ultraviolence. Follow her on Twitter @MolotovCupcake and check out her portfolio for more. Like a fabulous shooter once said, get psyched!

From The Chatty
Hello, Meet Lola