If you use the Firefox web browser on any desktop platform, you must update it now to be safe.
Earlier today, Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability that is being actively exploited by a group of hackers.
The ‘CVE-2019-17026’ is a critical ‘type confusion vulnerability’ in the IonMonkey just-in-time (JIT) compiler of SpiderMonkey JavaScript engine. It lets attackers crash the application or perform code execution. In the worst case, this vulnerability lets attackers take control of users’ computers.
The type confusion vulnerability occurs when the code blindly uses the object without verifying it.
This vulnerability can be exploited by an attacker by tricking the user into visiting a maliciously crafted web page. As soon as the vulnerable use opens the malicious web page, it will execute arbitrary code on the system.
This patch also fixes 11 other vulnerabilities from which 6 might allow attackers to run malicious code.
The Mozilla advisory credited researchers at China-based Qihoo 360 who has not yet revealed the details of the exploit.
If you are using Firefox on any desktop platform, you need to navigate to Menu > Help > About Mozilla Firefox to manually update the browser.
