Mozilla has released Firefox 67.0.3 to patch a major security bug that is being exploited in the wild by hackers.
The emergency patch was rolled out after members of Google Project Zero and Coinbase Security reported the Firefox zero-day tracked as CVE-2019-11707 to Mozilla.
According to a statement by Mozilla (via ZDNet), the bug allow hackers to use manipulated javaScript code to trick users into visiting websites that deploy malicious codes into their PCs.
"A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow exlploitable crash. We are aware of targeted attacks in the wild abusing flaw," a statement by Mozilla read.
Describing the bug to ZDNet, Samuel Groß, a Google Project Zero security researcher who was credited with discovering the vulnerability with the Coinbase Security team, said he didn't have much details on the bug but described what looked like the bug could be exploited to steal cryptocurrency.
"The bug can be exploited for RCE [remote code execution] but would then need a separate sandbox escape" for the code to run on an underlying operating system, Groß said.
To update your Firefox is easy. Simply tap the hamburger icon on the upper-right hand corner and type "update" in the search box and then click on "Restart to update Firefox."
Another way to do the update is to just restart your Firefox browser and watch as it updates itself without you having to download any file update (Mozilla usually force updates to its Firefox browser without the users permission). Alternatively, you can just download Firefox here and run the update yourself.
When you have done the update on your Firefox browser, you should see a page that reads "Congrats! You're using the latest version of Firefox," once you launch the browser.