The United States Cybersecurity and Infrastructure Agency (CISA), part of the Department of Homeland Security, this week urged Firefox users to upgrade to version 72.0.1, which fixes a major vulnerability in older versions of the browser.
Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 72.0.1 and Firefox ESR 68.4.1 and Thunderbird 68.4.1 and apply the necessary updates.
Mozilla on Wednesday patched a critical zero-day bug in Firefox that affects desktops. The vulnerability could allow bad guys to take control of a user’s computer. Mozilla says it was already aware of targeted attacks, and so it fixed the bug immediately. The flaw was fixed via a patch via Firefox 72.0.1. Mozilla said that attacks can be used to “take control of an affected system.”
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. There have been targeted attacks in the wild abusing the flaw, which means it’s important for all Firefox users to upgrade, including enterprise users.
The vulnerability was first discovered by Chinese firm Qihoo 360 two days after the release of Firefox 72, but there is no word on how long the bug has been exploited.
Mozilla has been staying busy fixing Firefox bugs lately, as they have recently fixed 11 bugs that included six high-rated ones. Some of the bugs could allow attackers to take control of your computer.
To install the patch, go to “About Firefox” and use the in-browser update feature.