Exploited Zero-day flaw means your Firefox install needs an urgent update

Reading time icon 1 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Google’s Project Zero security team has discovered a Zero-day vulnerability in all versions of Firefox which is currently being exploited in the wild and which requires an urgent patch.

The flaw reads:

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

All versions of the browser below 67.0.3 or Firefox ESR 60.7.1 are vulnerable.

The patch is available as a browser update now, which can be installed by checking for updates or downloading the latest version here.

Via the Verge

User forum

0 messages