Mozilla has issued an update for the Firefox web browser which patches a vulnerability that could have allowed a hacker to take control of an affected system. The update for Mozilla Firefox for Microsoft Windows PCs and the Apple Mac computing devices bump it up to version 72.0.1. Mozilla has categorized this as a Zero-Day Vulnerability. A Zero-Day Vulnerability is usually a reference to an issue that may have been discovered by a hacker or a malware and has been exploited in the process. Mozilla came to know about this issue after the issue was exploited.
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw,” says Mozilla in the release notes for the Mozilla Foundation Security Advisory 2020-03 which references to Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1.
Earlier, the US Department of Homeland Security had also issued an advisory about this Mozilla Firefox vulnerability and urged users to download the update issued by Mozilla. “Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates,” they say.
If you use the Mozilla Firefox web browser on your PC or Mac, we would suggest you urgently install the update. If you are on a Windows machine, open Firefox and click on the hamburger icon in the top-right corner of the window -> click on Help -> About Firefox. If you’re a Mac user, click Firefox in your Menu Bar (this will be near the top left corner of the screen) and select About Firefox. You must doublecheck that after all updates have been installed, the Firefox browser running should now be the 72.0.1 version.