IT audit specialists claim that the more than 500 million Mozilla Firefox users are exposed to a critical vulnerability, so they should update to the latest version of the browser as soon as possible. The update fixes security flaws found in Firefox versions 67.0.3 and ESR 60.7.1.
In its security alert, Mozilla reports: “A vulnerability may arise when manipulating JavaScript objects due to some existing issues in Array.pop, so a system crash can be generated”. Mozilla added, “Unfortunately there is evidence to demonstrate the exploitation of this flaw in the wild.”
The browser's developers consider it a critical vulnerability, because an attacker could exploit it to execute code, install software, and carry out other malicious tasks without requiring complex interaction from the user of the compromised system.
According to IT audit specialists, the vulnerability is so serious that U.S. government agencies have also decided to issue a security alert. “Mozilla released security updates to fix a severe flaw in Firefox and Firefox ESR”, mentions the Cybersecurity and Infrastructure Security Agency (CISA) alert.
Firefox users should keep in mind that this vulnerability, tracked as CVE-2019-11707, is indeed a significant security flaw, so they should update their systems as soon as possible. Updates are available on Mozilla’s official website.
According to IT audit experts from the International Institute of Cyber Security (IICS), Firefox has also applied the fixes automatically in some browser versions. Users can check whether the update was installed automatically by logging into Firefox and selecting the “About Firefox” option from the menu; if the update has not been installed, a new window will open to download the latest version of the browser.
If you are a Firefox user, you should take five minutes to check the security of your browser. Although exploitation of this flaw, and of similar ones, is rare in this browser, you should not miss security updates.