This article was first published on Silicon Republiccryptocurrency – Silicon Republic
Mozilla, maker of the Firefox web browser, has released an emergency patch to counter a zero-day flaw in the browser that is actively being exploited in the wild.
The vulnerability can cause an “exploitable crash” of the browser, according to Mozilla. “We are aware of targeted attacks in the wild abusing this flaw,” Mozilla warned.
Firefox currently accounts for about 5pc of the world’s browser market share, according to StatCounter.
Targeted crypto attacks
The bug was spotted by Samuel Groß, a member Google’s Project Zero security research division and the Coinbase Security team, leading to speculation that attacks are targeting cryptocurrency owners.
On Twitter, Groß responded to news of Mozilla’s update explaining: “I don’t have any insights into the active exploitation part.”
Groß, who said that he first reported the bug on 15 April, added: “The bug can be exploited for RCE but would then need a separate sandbox escape. However, most likely it can also be exploited for UXSS which might be enough depending on the attacker’s goals.”
A critical fix was issued yesterday (18 June) and Firefox version 67.0.3 and Firefox ESR 60.7.1 are the latest recommended browser versions.
How to update Firefox
It’s best practice to keep your browser up to date against any known security threats.
For Mac users, simply open Firefox, click ‘Firefox’ in the menu bar and then ‘About Firefox’. The resulting information window will give you the details on which version of Firefox you’re running and will also include a button that reads ‘Restart to update Firefox’ if necessary.
For Windows users, open Firefox and click the menu icon. Click ‘Help’ and then ‘About Firefox’. Once again, an information window will display the current Firefox version and include a button to ‘Check for updates’. After a ...
To keep reading, please go to the original article at:
Silicon Republiccryptocurrency – Silicon Republic