Tech

Exploited Zero-day flaw means your Firefox install needs an urgent update

Exploited Zero-day flaw means your Firefox install needs an urgent update

As Martin found, the reported critical zero-day vulnerability in Mozilla's Firefox web browser, which was announced on June 18, has actually emerged along with another zero-day flaw that targeted Coinbase employees, meaning that there were two separate Firefox zero-day attacks. A new Firefox ESR, Extended Support Release, version is also available that brings it to Firefox ESR 60.7.1. If Firefox on your Android phone hasn't already updated automatically, head to the Play Store and make sure it's updated as soon as you can.

Mozilla just released a security advisory warning and apparently both the Mozilla's Firefox and Firefox ESR products are affected.

The patch is now available as a browser update.

Coinbase chief information security officer Philip Martin said on Wednesday night the digital-dosh trading site was one of the prime targets of hackers, who tried to exploit a zero-day vulnerability, CVE-2019-11707, a JavaScript type-confusion flaw in Firefox, to execute malicious code on Coinbase staff machines.

More news: Taylor Swift Drops Star-Studded 'You Need to Calm Down' Music Video

A critical Firefox zero-day remote code execution vulnerability is being abused in targeted attacks in the wild, Mozilla has warned on Tuesday. "This can allow for an exploitable crash".

Cryptocurrency are most likely among the first to be targeted although the full reach of the issue is unclear and at this point there are no specific details of how the bug has been exploited exactly.

On the menu bar click the Firefox menu and select About Firefox.