clock menu more-arrow no yes mobile

Filed under:

Update your Firefox browser now, there’s an emergency patch you’ll want

New, 5 comments

Hackers are actually exploiting this zero-day flaw, a researcher warns

firefox logo

Are you running Firefox version 67.0.3 or Firefox ESR 60.7.1? If the answer is “no,” or you’re not sure, maybe just update your web browser now. Firefox maker Mozilla is warning (via ZDNet) that the browser has a zero-day flaw that’s actively being exploited in the wild — you don’t see that every day — and it has issued an emergency patch that can let you plug that hole right now.

Here’s the full description of the issue:

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

Updating Firefox can be as easy as restarting the browser, though you can also tap the hamburger icon on the upper right-hand corner, type “Update” into the search box and hit that “Restart to update Firefox” button to be sure. Or just download a new copy right here.

Either way, you’ll likely see a “Congrats! You’re using the latest version of Firefox” page once you launch the browser again.

It’s not clear exactly what hackers are attempting to gain by actively exploiting this flaw, but stealing cryptocurrency is one guess — the bug was credited to Samuel Groß in his roles as a member of both Google’s Project Zero security research division and the Coinbase security team.