What better way to start the new year than a major vulnerability in one of the most popular internet browsers out there, right?
Well, the bad news is that Mozilla covered that base just over a week into 2020 (via The Next Web). The good news is that the company has already patched what’s being described as a “critical vulnerability”. And that description comes not just from Qihoo 360, the Chinese cybersecurity firm which discovered the flaw, but also from the United States’ Department of Homeland Security.
Mozilla has already confirmed the vulnerability exists, and is aware of “targeted attacks in the wild abusing this flaw”. Here’s Mozilla on the matter:
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.”
The company says the zero-day exploit was announced on January 8, 2020, and Mozilla has patched the issue with Firefox version 72.0.1 and Firefox ESR 68.4.1. This is a critical update for folks who use Mozilla’s Firefox web browser on a Mac, so if you fall into that category, get your software updated now.
The Cybersecurity and Infrastructure Security Agency (CISA) says that an “attacker could exploit this vulnerability to take control of an affected system”.
The latest version of Firefox is available now, so if you have the browser installed, get it updated.