Firefox 67.0.3 closes dangerous vulnerability
Mozilla urges Firefox users to update browser immediately to the latest version.
David FischerWith yesterday's update to Firefox version 67.0.3, Mozilla patches a critical vulnerability (CVE-2019-11707). According to Mozilla, the vulnerability is already exploited for targeted attacks on the Web. Users should install the update as soon as possible.
When dealing with Javascript objects an exploitable browser crash can be provoked. Injected code can be executed with the rights of the logged in user. The vulnerability was discovered by Samuel Groß, who works for Google Project Zero, as well as researchers from Coinbase Security.
The vulnerability also affects Firefox Extended Support Release (ESR). Mozilla has therefore provided an update to version 60.7.1. There is no update available for the Firefox ESR-based Tor Browser. Firefox for Android 67.0.3, however, is already available.
You can find out which version you are running by opening the menu, clicking Help and selecting About Firefox. The browser should automatically prompt users to update. You can get the update also manually by typing update in the search bar.
About Author
David Fischer
I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.