News

Mozilla Firefox 67.0.3 update patches Zero Day security flaw

If you're a faithful Firefox user, you might want to make sure you've gotten this update and you're all ready to go.

June 19, 2019 4:15 PM

Firefox users, beware. Mozilla has released critical updates for the browser meant to address a vulnerability that's being used in a variety of targeted attacks.

The fix is for critical flaw CVE-2019-11707, which has to do with an array method that's used in JavaScript objects within Firefox itself. The vulnerability allows those who wish to do harm to take control of systems still running any versions of Firefox with the exploit unmatched.

“On Monday, June 17, 2019, Coinbase reported a vulnerability used as part of targeted attacks for a spear phishing campaign,” sad Selena Deckelmann, senior director of Firefox Browser Engineering, in a statement to Threatpost. “In less than 24 hours, we released a fix for the exploit.”

I don't have any insights into the active exploitation part. I found and then reported the bug on April 15. The first public fix then landed about a week ago (sec fixes are held back until close to the next release): https://t.co/O34f9dou3E https://t.co/K6GfZN1XkH
— Samuel Groß (@5aelo) June 19, 2019

According to Mozilla, the issue has been resolved in versions Firefox 67.0.3 and Firefox ESR 60.7.1. Unfortunately, anyone continuing to use Firefox on a PC via Windows, macOS, or Linux would be affected by the vulnerability. It was originally found by Samuel Groß of Google Project Zero and the Coinbase Security team, and further disseminated in a Twitter thread. The vulnerability was first reported on April 15 and the first public fix was then sent out "about a week ago."

There aren't any details about the flaw's exploits floating around in the wild to pore over, and Mozilla didn't immediately respond to Threatpost's request for comment on the matter. However, it seems that since the flaw has been resolved, it's not so much a critical problem anymore, but it's still worth making sure you've been upgraded to the latest version of Firefox and aren't using any outdated browsers that could potentially put you at risk. It's always a good idea to stay up to date on things like these, even if there aren't any immediate risks involved.

Thanks to jcupitt for bringing this to our attention with his Chatty thread.

Brittany Vincent

Senior Editor

Fueled by horror, rainbow-sugar-pixel-rushes, and video games, Brittany is a Senior Editor at Shacknews who thrives on surrealism and ultraviolence. Follow her on Twitter @MolotovCupcake and check out her portfolio for more. Like a fabulous shooter once said, get psyched!

Filed Under

From The Chatty

Refresh Go To Thread

Shacknews

 reply
June 19, 2019 5:19 PM

Brittany Vincent posted a new article, Mozilla Firefox 67.0.3 update patches Zero Day security flaw
- kellyon
  
   reply
  July 15, 2019 12:30 PM
  
  That's a great news. Security is an important issue today. Personally I always use VPN from Veepn.com to protect my privacy. It has unlimited traffic and high level of security. I pay only $1.67