Are you running Firefox version 67.0.3 or Firefox ESR 60.7.1? If the answer is “no,” or you’re not sure, maybe just update your web browser now. Firefox maker Mozilla is warning (via ZDNet) that the browser has a zero-day flaw that’s actively being exploited in the wild you don’t see that every day and it has issued an emergency patch that can let you plug that hole right now.
In its security advisory, the company states the bug’s impact as critical. “A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop,” Mozilla describes it in the post. “This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.”
The bug find is credited to security researcher Samuel Groß of Google Project Zero and the Coinbase Security team. It’s assumed that the vulnerability is being exploited to attack cryptocurrency owners, considering where the bug report originated from. Hype around cryptocurrency has risen these past few days, with Facebook officially announcing its own entry this week.
Updating Firefox is pretty straightforward. You can download the latest version here, though the browser is set to automatically update by default. You can also check manually by typing “Update” in the search bar and press the “Restart to update Firefox” button or use the Menu bar at the top and go to Help>About Firefox to trigger an update.