Google’s Project Zero security team has discovered a Zero-day vulnerability in all versions of Firefox which is currently being exploited in the wild and which requires an urgent patch.

The flaw reads:

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

All versions of the browser below 67.0.3 or Firefox ESR 60.7.1 are vulnerable.

The patch is available as a browser update now, which can be installed by checking for updates or downloading the latest version here.

Via the Verge

Comments