Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Eugene

(62,660 posts)
Tue Jun 18, 2019, 11:17 PM Jun 2019

Update your Firefox browser now, there's an emergency patch you'll want

Source: The Verge

Update your Firefox browser now, there’s an emergency patch you’ll want

Hackers are actually exploiting this zero-day flaw, a researcher warns

By Sean Hollister Jun 18, 2019, 5:44pm EDT

Are you running Firefox version 67.0.3 or Firefox ESR 60.7.1? If the answer is “no,” or you’re not sure, maybe just update your web browser now. Firefox maker Mozilla is warning (via ZDNet) that the browser has a zero-day flaw that’s actively being exploited in the wild — you don’t see that every day — and it has issued an emergency patch that can let you plug that hole right now.

Here’s the full description of the issue:

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

Updating Firefox can be as easy as restarting the browser, though you can also tap the hamburger icon on the upper-right hand corner, type “Update” into the search box and hit that “Restart to update Firefox” button to be sure.

-snip-


Read more: https://www.theverge.com/2019/6/18/18684272/firefox-zero-day-flaw-browser-attacks-crypto-patch

______________________________________________________________________

Related:
Mozilla Foundation Security Advisory 2019-18 (Mozilla)
Mozilla patches Firefox zero-day abused in the wild (ZDNet)
2 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Update your Firefox browser now, there's an emergency patch you'll want (Original Post) Eugene Jun 2019 OP
The hell does "in the wild" mean? pnwest Jun 2019 #1
It means real hackers are already using this exploit to do real-world damage. Eugene Jun 2019 #2

Eugene

(62,660 posts)
2. It means real hackers are already using this exploit to do real-world damage.
Tue Jun 18, 2019, 11:32 PM
Jun 2019

It's not just a proof-of-concept done under laboratory conditions.

Per a separate advisory: a malware-infected website can inject arbitrary code into an unpatched version of Firefox without any user action beyond visiting the page.

Latest Discussions»Help & Search»Computer Help and Support»Update your Firefox brows...