Firefox 67.0.3 closes dangerous vulnerability

Mozilla urges Firefox users to update browser immediately to the latest version.

With yesterday's update to Firefox version 67.0.3, Mozilla patches a critical vulnerability (CVE-2019-11707). According to Mozilla, the vulnerability is already exploited for targeted attacks on the Web. Users should install the update as soon as possible.

When dealing with Javascript objects an exploitable browser crash can be provoked. Injected code can be executed with the rights of the logged in user. The vulnerability was discovered by Samuel Groß, who works for Google Project Zero, as well as researchers from Coinbase Security.

The vulnerability also affects Firefox Extended Support Release (ESR). Mozilla has therefore provided an update to version 60.7.1. There is no update available for the Firefox ESR-based Tor Browser. Firefox for Android 67.0.3, however, is already available.

You can find out which version you are running by opening the menu, clicking Help and selecting About Firefox. The browser should automatically prompt users to update. You can get the update also manually by typing update in the search bar.

about author