Firefox gets second security update within days
Mozilla fixes another zero-day vulnerability and asks users to update their versions.
David FischerTwo dangerous vulnerabilities currently threaten Firefox users. Attackers exploit two vulnerabilities (CVE-2019-11707, CVE-2019-11708) in combination to place malicious code to vulnerable computers and execute it.
One of these vulnerabilities has already been patched Firefox with version 67.0.3 a few days ago. Now Mozilla published another warning and published updates for Firefox ESR (60.7.2) and Firefox (67.0.4). Mozilla rates the vulnerability risk as high. If you use the browser, you should get the update quick.
Successful attacks possible
Attackers can use the now closed gap to break out of the sandbox of the browser. In the sandbox processes are usually safely separated from the other system. But in combination with the other vulnerability, the execution of malicious code on a targeted systems is possible.
Check your version
You can find out which version you are running by opening the menu, clicking Help and selecting About Firefox. The browser should automatically prompt users to update. You can get the update also manually by typing update in the search bar.
About Author
David Fischer
I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.