The U.S. Department of Homeland Security is urging Firefox users to update their browser to protect against a critical vulnerability that is under active attack.
The vulnerability could allow an attacker to take control of an affected system:
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.
Mozilla offered some more information about the bug:
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.
The vulnerability has been fixed in Firefox 72.0.1 and Firefox ESR 68.4.1.
Friday, January 10, 2020