Mozilla fixes critical vulnerability in Firefox that is being actively exploited

Mozilla has released an update to Firefox 67 after discovering a critical vulnerability that is being actively exploited. Users are advised to update as soon as possible. The vulnerability has been resolved in version 67.0.3.

Mozilla makes a brief statement about the vulnerability on its website. This is a zero-day vulnerability that, according to the browser maker, is being actively abused. Security researcher Samuel Groß of Google Project Zero and the Coinbase Security team are listed as discoverers of the vulnerability.

Groß told ZDNet that the vulnerability allows for remote code execution, but that a separate sandbox escape is needed to execute code on the victim's operating system. According to the researcher, the vulnerability can probably also be exploited for universal cross-site scripting.

Mozilla does not provide details about the attacks that are being carried out. Since the vulnerability was co-reported by Coinbase's security team, it is conceivable that the attacks target cryptocurrency owners. Google researcher Groß says he has no details about the abuse. He found the vulnerability on April 15 and reported it to Mozilla. The Firefox maker has fixed the bug in version 67.0.3 of the browser.
