Firefox Gets Emergency Patch to Stop Zero-Day Attacks

Exploited Zero-day flaw means your Firefox install needs an urgent update

Today, Mozilla released Firefox 67.0.4, which fixes the second unknown vulnerability that was used during this chained attack. Depending on the privileges associated with the user active at the time of the attack, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. The update to version 67.0.3 patches the critical zero-day flaw and protects users from potential attacks.

"We walked back the entire attack, recovered and reported the 0-day to Firefox, pulled apart the malware and [infrastructure] used in the attack and are working with various orgs to continue burning down attacker infrastructure and digging into the attacker involved."

Philip Martin explained on Twitter that the security team "walked back" the entire attack and reported the zero-day to Firefox.

According to Mozilla engineers, the flaw can cause "a type confusion vulnerability to occur when manipulating JavaScript objects due to issues in Array.pop".

What just happened? Browser vulnerabilities are a common occurrence and don't usually pose a serious threat since regular software updates tend to include security fixes to patch these flaws, unless it's a rare zero-day bug.

Cryptocurrency are most likely among the first to be targeted, although the full reach of the issue is unclear, and at this point there are no specific details of exactly how the bug has been exploited. In turn, this vulnerability allows for an "exploitable crash" to be set up.
