Patch/Configuration Management, Vulnerability Management

Firefox updates address takeover vulnerability

Mozilla released security updates to address a vulnerability in Firefox and Firefox ESR that could allow attackers to take control of an affected system.

The vulnerability is rated critical and is actively being exploited in the wild. Mozilla called it "a type confusion vulnerability” that occurs when manipulating JavaScript objects due to issues in Array.pop. When exploited, the vulnerability can ultimately result in an exploitable crash, according to a June 18 security notice.

The issue was addressed and patched in Firefox 67.0.3 and Firefox ESR 60.7.1. Those who are affected are advised to update their systems immediately.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.