Firefox needs an urgent firefix!
If you're a Firefox user, now is the time to update your browser. A zero-day vulnerability has been discovered which is being actively exploited in targeted attacks.
The security hole was revealed via Google's Project Zero, and it affects ALL versions of Firefox. In short, if you have not updated to Firefox 67.0.3 or Firefox ESR 60.7.1, you need to do so right now.
See also:
- Security software is causing Firefox users to lose saved passwords
- Firefox unveils new-look logo and introduces new parent brand
- Mozilla promises to delete private data collected by Firefox fix and apologizes for add-on outage
Mozilla describes the vulnerability as "critical" and it has been labelled CVE-2019-11707. Aside from saying that the security issue is being actively exploited, Mozilla is currently being (understandably) sparing with details.
In a security advisory, Mozilla warns about "type confusion in Array.pop":
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.
All you need to do is ensure that you have the latest version of Firefox installed by checking for updates.