Last Updated on 20/06/2019 by TDH Publishing (A)
If you use Firefox, you need to update it. Firefox is reportedly affected by a critical bug, and Mozilla has released security updates Firefox 67.0.3 and Firefox ESR 60.7.1 to fix it. The bug can be exploited to take control of vulnerable systems.
The US Cybersecurity and Infrastructure Security Agency has also issued an alert urging system administrators and users to review Mozilla’s security advisory and act accordingly. “A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop,” Mozilla engineers wrote in a security advisory posted today. “This can allow for an exploitable crash,” they added. “We are aware of targeted attacks in the wild abusing this flaw.”
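For administrators acting on that alert, the sketch below checks reported browser versions against the fixed releases, Firefox 67.0.3 and Firefox ESR 60.7.1. It is an added example, not code from Mozilla or the original article; the host names and inventory are constructed, and judging every 60.x build against the ESR fix is an assumption.

```python
import re

# Fixed releases named in the article.
FIXED_RELEASE = (67, 0, 3)  # Firefox 67.0.3
FIXED_ESR = (60, 7, 1)      # Firefox ESR 60.7.1

# Matches "67.0.3", "60.7.1esr" or "67.0" inside `firefox --version` output.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def has_fix(text):
    """Return True/False for a parsed version, None if no version is found.

    Assumption: builds marked "esr" and any 60.x build are compared with the
    ESR fix (60.7.1); every other build is compared with 67.0.3.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        return None  # unparseable: needs a manual look, not a silent pass
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    on_esr_line = bool(m.group(4)) or version[0] == FIXED_ESR[0]
    floor = FIXED_ESR if on_esr_line else FIXED_RELEASE
    return version >= floor


def triage(inventory):
    """Split {host: version string} into (hosts to update, hosts to check by hand)."""
    needs_update, unknown = [], []
    for host, text in sorted(inventory.items()):
        result = has_fix(text)
        if result is None:
            unknown.append(host)
        elif not result:
            needs_update.append(host)
    return needs_update, unknown


# Constructed sample inventory (not real hosts), in `firefox --version` style.
SAMPLE = {
    "ws-01": "Mozilla Firefox 67.0.3",
    "ws-02": "Mozilla Firefox 67.0.2",
    "ws-03": "Mozilla Firefox 60.7.1esr",
    "ws-04": "Mozilla Firefox 60.7.0esr",
    "ws-05": "Mozilla Firefox 66.0",
    "ws-06": "firefox: command not found",
}

if __name__ == "__main__":
    update, check = triage(SAMPLE)
    print("update:", update)
    print("check by hand:", check)
```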
Originally reported by members of Coinbase Security and Google Project Zero, the bug lets attackers use manipulated JavaScript code and trick users into visiting websites that deliver malicious code onto their PCs. The Mozilla Security board is urging all users to install the updates immediately as this is a serious vulnerability. Following a request for additional details from ZDNet, Samuel Groß, a security researcher with the Google Project Zero security team, said, “the bug can be exploited for RCE [remote code execution] but would then need a separate sandbox escape” in order to run code on the underlying OS. “However, most likely it can also be exploited for UXSS [universal cross-site scripting] which might be enough depending on the attacker’s goals,” he added.
So, it is clear that Firefox, being one of the best mainstream web browsers for security and privacy-minded users these days, can also succumb to such unforeseen exploits.