Mon. Nov 18th, 2019

Google Project Zero found Firefox zero-day exploited in the wild. Patch now


Firefox has just shipped a new emergency security update to fix a zero-day vulnerability discovered by Google Project Zero. Mozilla has also confirmed that hackers have begun to exploit this vulnerability in the wild, so users need to upgrade to the latest version of Firefox immediately. The vulnerability affects all versions of Firefox, including the extended support release (ESR). All users need to upgrade to v67.0.3 or ESR v60.7.1.

Vulnerability detail:

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

If you are a Firefox user, you can upgrade to the latest version now. The upgrade process is as simple as clicking the Check for Updates button: open the Firefox browser, click the menu button in the upper right corner, and then click the Help option to automatically check for updates and download the installation package. It is not yet clear what the attackers' main purpose in exploiting this vulnerability is.
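For administrators who manage more than one machine, the following added example (not from the original article or from Mozilla) triages collected `firefox --version` output against the two fixed versions the article names. The host names and inventory lines are constructed, and reporting beta or nightly builds as "unknown" is an assumption, since the article does not say which pre-release builds carry the fix.

```python
import re

# Fixed versions as stated in the article.
FIXED_RELEASE = (67, 0, 3)
FIXED_ESR = (60, 7, 1)

# Matches "Mozilla Firefox 67.0.3", "Mozilla Firefox 60.7.0esr", "Mozilla Firefox 68.0b12".
VERSION_RE = re.compile(r"Firefox\s+(\d+(?:\.\d+){0,2})(esr|[ab]\d+)?\s*$")


def classify(version_line):
    """Return 'patched', 'needs-update' or 'unknown' for one --version line."""
    m = VERSION_RE.search(version_line.strip())
    if not m:
        return "unknown"  # empty or unparsable output: check the host by hand
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts = (parts + (0, 0))[:3]  # pad "67.0" to (67, 0, 0)
    suffix = m.group(2)
    if suffix and suffix != "esr":
        # Assumption: pre-release builds are not judged; the article names no fixed build.
        return "unknown"
    fixed = FIXED_ESR if suffix == "esr" else FIXED_RELEASE
    return "patched" if parts >= fixed else "needs-update"


def triage(inventory):
    """Group host names by status; inventory maps host name -> version line."""
    groups = {"patched": [], "needs-update": [], "unknown": []}
    for host, line in sorted(inventory.items()):
        groups[classify(line)].append(host)
    return groups


# Constructed sample inventory (hypothetical host names, not real data).
SAMPLE = {
    "ws-01": "Mozilla Firefox 67.0.3",
    "ws-02": "Mozilla Firefox 67.0.2",
    "ws-03": "Mozilla Firefox 60.7.0esr",
    "ws-04": "Mozilla Firefox 60.7.1esr",
    "ws-05": "Mozilla Firefox 68.0b12",
    "ws-06": "Mozilla Firefox 67.0",
    "ws-07": "",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" returned output the script could not judge and should be checked by hand.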