Categories: Firefox

Firefox 67.0.4 Released – Mozilla Fixed Second Zero-day in FireFox that Hackers Actively Exploited in Wide – Update Now

Mozilla released Firefox 67.0.4 and Firefox ESR 60.7.2 with the fixes of second Zero-day vulnerability which is now actively exploited by hackers in wide to gain the compete for control of the vulnerable system.

Newly patched Zero-day vulnerability that resides in the Firefox 67.0.3 and earlier versions let attackers executing arbitrary code on the user’s computer.

Just two days ago, Mozilla released Firefox 67.0.3 with a patch for another Zero-day vulnerability that affected millions of Firefox users.

Soon after the Mozilla a patch for first zero-day, Tor Browser 8.5.2 released, follow up the same, we may expect the Tor will release another new update soon.

First Zero-day vulnerability that fixed in recent Mozilla update is a type confusion vulnerability which can be triggered when attackers are manipulating JavaScript objects in Firefox.

Newly patched second Zero-day in Firefox 67.0.4 is a sandbox escape vulnerability that allows an attacker to execute the malicious code remotely and gain complete control of the system where users installed an unpatched version of Firefox browser.

“Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. Mozilla reported in its security update.

Since cybercriminals actively exploiting this vulnerability in wide, its a real emergency update from Firefox. So users urged to update the Firefox 67.0.4 immediately.

The Zero-day flaw tracked as CVE-2019-11708 and the users can install the new update via following links or direct Firefox download page.

Follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep your self-updated.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Hackers Exploit Email Fields to Launch XSS and SSRF Attacks

Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site scripting…

1 hour ago

Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims

A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed a…

2 hours ago

SonicBoom Attack Chain Lets Hackers Bypass Login and Gain Admin Control

Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the "SonicBoom Attack Chain," which…

3 hours ago

Researcher Uses Copilot with WinDbg to Simplify Windows Crash Dump Analysis

A researcher has unveiled a novel integration between AI-powered Copilot and Microsoft's WinDbg, dramatically simplifying…

3 hours ago

Apache Parquet Java Vulnerability Enables Remote Code Execution

A high-severity vulnerability (CVE-2025-46762) has been discovered in Apache Parquet Java, exposing systems using the…

3 hours ago

NCSC Warns of Ransomware Attacks Targeting UK Organisations

National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber attacks…

6 hours ago