Security researchers found a vulnerability in Firefox browser; Mozilla asked users to update their browser to the latest version
Mozilla immediately issued a security patch and asked Firefox users to update their browser to the latest version. Qihoo 360 found that hackers were actively exploiting the vulnerability in “targeted attacks” against users. Mozilla issued the security advisory for Firefox 72, which had only been out for two days before the vulnerability was found.
Homeland Security’s cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, also issued a security warning, advising users to update to Firefox 72.0.1, which fixes the vulnerability. Little information was given about the bug, only that it could be used to “take control of an affected system.”
Below is the announcement from Mozilla Foundation. FireFox can download the latest version and update their settings.
- Reporter: Qihoo 360 ATA
- Impact: critical
- Description: Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.