The latest version comes with an emergency patch that addresses a zero-day flaw that is Firefox says is currently being exploited to no end by unscrupulous characters. The zero-day exploit was discovered by Samuel Groß, a security researcher working with Google Project Zero, and Coinbase Security team. According to Mozilla engineers, the flaw can cause “a type confusion vulnerability to occur when manipulating JavaScript objects due to issues in Array.pop”. In turn, this vulnerability allows for an “exploitable crash” to be set up.
Groß further explained that the bug can also be exploited for remote code execution (RCE), but in order for hackers to do that, they would need a separate “sandbox escape” to do so. There’s no additional details about the flaw beyond the announcement, but both Groß and Mozilla suspect that the exploit was aimed at cryptocurrency owner. Not surprising, given that the value of the Bitcoin has risen, with its value currently hovering between the RM35000 and RM40000 mark. In any case, you can download the new Firefox version via the official Mozilla download portal. (Source: Mozilla via The Verge, ZDNet // Image: Mozilla)
