Mozilla urges Firefox users to patch browsers immediately
A critical zero-day flaw that allows remote access and control is being actively exploited in the wild
Versions 67.0.3 and ESR 60.7.1 has been released to users on Windows, macOS and Linux desktop machines to mitigate a zero-day vulnerability dubbed CVE-2018-11707. The flaw does not arise or on Android, iOS or Amazon Fire TV iterations of the browser.
When exploited, it allows an attacker to execute arbitrary code on flawed machines and is being actively exploited in the wild, according to Mozilla. This could allow cyber criminals to seize full control if a system.
Mozilla deems a vulnerability to be 'critical' when it can be used to run code and install software without any user interaction required beyond normal browsing.
Highly severe zero-day flaws aren't uncommon, but they are often found and mitigated with patches by developers before cyber criminals are able to discover them and begin attacking users remotely.
The previous critical zero-day flaws that Mozilla discovered in Firefox 67 and Firefox ESR 60.7 were memory safety bugs flagged on 21 May this year. On this occasion, attackers were not found to be exploiting the vulnerabilities.
Another high-profile Firefox vulnerability was discovered last year by security researchers independent of Mozilla. After networking giant Cisco flagged an issue that could allow remote attackers to execute malicious code, the developers issued an emergency patch and urged users to update their browsers.
The news also comes at a time in which Mozilla is planning to introduce a host of security and privacy-centric features within Firefox, including tools such as secure storage, and a virtual private network (VPN).
Many of these new features could arise in a subscription-based version of the Firefox browser, which the developer last week hinted may surface before the end of 2019.
Unleashing the power of AI initiatives with the right infrastructure
What key infrastructure requirements are needed to implement AI effectively?Download now
Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey
A Veritas webinar on implementing a hybrid multi-cloud strategyDownload now
A buyer’s guide for cloud-based phone solutions
Finding the right phone system for your modern businessDownload now
The workers' experience report
How technology can spark motivation, enhance productivity and strengthen securityDownload now