Monday, October 7, 2024
HomeFirefoxFirefox 67.0.4 Released - Mozilla Fixed Second Zero-day in FireFox that...

Firefox 67.0.4 Released – Mozilla Fixed Second Zero-day in FireFox that Hackers Actively Exploited in Wide – Update Now

Published on

Mozilla released Firefox 67.0.4 and Firefox ESR 60.7.2 with the fixes of second Zero-day vulnerability which is now actively exploited by hackers in wide to gain the compete for control of the vulnerable system.

Newly patched Zero-day vulnerability that resides in the Firefox 67.0.3 and earlier versions let attackers executing arbitrary code on the user’s computer.

Just two days ago, Mozilla released Firefox 67.0.3 with a patch for another Zero-day vulnerability that affected millions of Firefox users.

- Advertisement - EHA

Soon after the Mozilla a patch for first zero-day, Tor Browser 8.5.2 released, follow up the same, we may expect the Tor will release another new update soon.

First Zero-day vulnerability that fixed in recent Mozilla update is a type confusion vulnerability which can be triggered when attackers are manipulating JavaScript objects in Firefox.

Newly patched second Zero-day in Firefox 67.0.4 is a sandbox escape vulnerability that allows an attacker to execute the malicious code remotely and gain complete control of the system where users installed an unpatched version of Firefox browser.

“Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. Mozilla reported in its security update.

Since cybercriminals actively exploiting this vulnerability in wide, its a real emergency update from Firefox. So users urged to update the Firefox 67.0.4 immediately.

The Zero-day flaw tracked as CVE-2019-11708 and the users can install the new update via following links or direct Firefox download page.

Follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Firefox Memory Corruption Flaw Let Attacker Execute Arbitrary Code

Mozilla Firefox 119 was released with updates for 11 vulnerabilities, including three issues of high...

Malicious Firefox Extension that Allows Attackers to Access and Control Users’ Gmail Accounts

Proofpoint Threat Research has tracked low-volume phishing campaigns targeting Tibetan organizations globally. In January...

Firefox 83.0 Released – Improved Page Load Performance, HTTPS-Only Mode & 0-Day Fix – Update Now!!

Mozilla released Firefox 83.0 with new impartments on page load performance, fixed the Zero-day...