Mozilla Urges Everyone to Install Firefox 72.0.1 as Zero-Day Attacks Confirmed

Mozilla has released new patches for Firefox, only a day after the company officially shipped version 72 of the browser.

The emergency patch was necessary because Mozilla discovered an actively exploited zero-day in Firefox, and the firm confirms that both Firefox and Firefox ESR are affected.

To be protected against exploits aimed at the zero-day, users must install Firefox 72.0.1 and Firefox ESR 68.4.1.

Mozilla explains in a security advisory that the vulnerability, reported by Qihoo 360 ATA, is an IonMonkey type confusion involving StoreElementHole and FallibleStoreElement.

“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw,” Mozilla says in the advisory.

The vulnerability has been assigned a “critical” severity rating.

Patch, patch, patch!
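To check an inventory against the two fixed versions named above, the following is an added example, not code from the article or from Mozilla. It assumes version strings in the form printed by `firefox --version` (ESR builds carry an `esr` suffix); the host names, sample inventory and status labels are constructed for illustration.

```python
import re

# Fixed versions named in the article, per channel.
FIXED = {"release": (72, 0, 1), "esr": (68, 4, 1)}

# Version token in `firefox --version` output, e.g.
# "Mozilla Firefox 72.0.1" or "Mozilla Firefox 68.4.1esr".
_VERSION_RE = re.compile(r"\bFirefox\s+(\d+(?:\.\d+){0,2})(\S*)", re.IGNORECASE)


def classify(version_output):
    """Return (channel, version_tuple, status) for one version line.

    status: "ok" (at or above the fixed version), "update" (below it),
    or "unknown" (unparseable, or a build the article gives no fix for).
    """
    m = _VERSION_RE.search(version_output or "")
    if not m:
        return (None, None, "unknown")
    parts = tuple(int(p) for p in m.group(1).split("."))
    version = (parts + (0, 0))[:3]          # pad "72.0" to (72, 0, 0)
    suffix = m.group(2).lower()
    channel = {"": "release", "esr": "esr"}.get(suffix)
    if channel is None:                     # e.g. beta "73.0b2": do not guess
        return (None, version, "unknown")
    status = "ok" if version >= FIXED[channel] else "update"
    return (channel, version, status)


def audit(inventory):
    """Map host -> status for every host that is not confirmed "ok"."""
    results = {host: classify(line)[2] for host, line in inventory.items()}
    return {host: s for host, s in results.items() if s != "ok"}


# Constructed sample inventory (hypothetical hosts).
SAMPLE = {
    "ws-01": "Mozilla Firefox 72.0.1",
    "ws-02": "Mozilla Firefox 72.0",
    "ws-03": "Mozilla Firefox 68.4.1esr",
    "ws-04": "Mozilla Firefox 68.3.0esr",
    "ws-05": "Mozilla Firefox 73.0b2",
    "ws-06": "",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual look rather than being assumed safe.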