Mozilla rolled out updates for Firefox, Focus, Firefox ESR and Firefox for Android to fix two high-severity zero-day vulnerabilities known to be actively exploited in real-life attacks.
Both flaws are use-after-free vulnerabilities, a type of bug that occurs when a program attempts to use memory after it has already been freed. Perpetrators have been known to leverage this vulnerability type to crash programs and execute commands on compromised systems without authorization.
The zero-day flaws fixed by Mozilla’s update rollout are:
Firefox developers have had “reports of attacks in the wild,” according to Mozilla’s security advisory. The high severity of the flaws stems from their potential to help threat actors execute a plethora of malicious commands, including downloading malware to the compromised systems, elevating permissions and gaining persistence.
Mozilla rolled out the following updates for Firefox browsers:
Considering the threat level of these zero-day vulnerabilities, Mozilla recommends Firefox users prioritize updating their browsers to the latest version.
Although automatic Firefox updating is enabled by default, users can disable it. If you need to bring your Firefox browser up to date, you can download the latest version from the official website (Windows, Linux, macOS users), use the App Store or Play Store (Android, iOS), or check for updates manually.
You can manually update your browser by opening the Firefox menu and accessing the About Firefox option in the Help menu. This will perform a version check, install the latest update if necessary, and ask you to restart the browser.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.