MOZILLA HAS HIT the panic alarm and is urging Firefox users to immediately update their browser as it contains a zero-day vulnerability that is being actively exploited.
The bug is what's known as a 'type confusion vulnerability', which in a nutshell is a piece of code that doesn't verify the type of an object or resource - think a pointer or a variable's data - and then blindly uses it as an incompatible type, causing a program crash.
There are precious few details on the vulnerability, but when used it can cause an exploitable crash in Firefox that hackers can then use to execute arbitrary code on targeted systems. Such an attack could happen if vulnerable Firefox users ended up visiting webpages with malicious code hidden behind them.
"We are aware of targeted attacks in the wild abusing this flaw," said Mozilla's security advisory, which means that the bug is pretty bad news and needs to be patched sharpish.
Luckily, Mozilla has patches that squash the bug in Firefox 67.0.3 and Firefox ESR 60.7.1, and if you're a heavy Firefox user, it's worth checking that your browser is up-to-date.
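For anyone checking more than one machine, here is a small added example (not from Mozilla or the original article) that compares reported Firefox versions against the two fixed releases named above. It assumes version lines in the format printed by `firefox --version`, with an `esr` suffix on ESR builds; the host names in the sample inventory are constructed.

```python
import re

# Fixed versions named in the article.
FIXED_RELEASE = (67, 0, 3)   # Firefox 67.0.3
FIXED_ESR = (60, 7, 1)       # Firefox ESR 60.7.1

# Assumption: input looks like `firefox --version` output, e.g.
# "Mozilla Firefox 67.0.3" or "Mozilla Firefox 60.7.1esr".
VERSION_RE = re.compile(r"Firefox\s+(\d+(?:\.\d+){0,2})(esr)?(?![\w.])", re.I)


def parse_version(line):
    """Return ((major, minor, patch), is_esr), or None if unrecognised."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))          # "68.0" -> (68, 0, 0)
    return tuple(parts), m.group(2) is not None


def is_patched(line):
    """True/False against the fixed versions; None if the line can't be parsed."""
    parsed = parse_version(line)
    if parsed is None:
        return None
    version, is_esr = parsed
    # ESR builds are compared with the ESR fix, everything else with the
    # release fix, so a plain "60.7.1" (no esr suffix) counts as unpatched.
    return version >= (FIXED_ESR if is_esr else FIXED_RELEASE)


def audit(inventory):
    """Map host -> 'patched' | 'UPDATE' | 'unknown' for a {host: version line} dict."""
    labels = {True: "patched", False: "UPDATE", None: "unknown"}
    return {host: labels[is_patched(line)] for host, line in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE = {
    "desk-01": "Mozilla Firefox 67.0.3",
    "desk-02": "Mozilla Firefox 67.0.2",
    "kiosk-01": "Mozilla Firefox 60.7.1esr",
    "kiosk-02": "Mozilla Firefox 60.7.0esr",
    "lab-01": "Mozilla Firefox 68.0b12",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Version strings the parser does not recognise, such as the beta build in the sample, are reported as unknown rather than guessed at, so they can be checked by hand.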
The bug was initially reported by one Samuel Gross from Google's Project Zero security team and Coinbase Security.
Given the latter's reporting, we could speculate that the attacks in the wild may have been aimed at cryptocurrency users, with hackers going after their digital wallets.
That's all we know for the time being until more info comes out of Mozilla and other cybersecurity types. But in the meantime make sure your Firefox browser is patched and then you can breathe easy. µ