Categories: Firefox

Firefox 67.0.4 Released – Mozilla Fixed Second Zero-day in FireFox that Hackers Actively Exploited in Wide – Update Now

Mozilla released Firefox 67.0.4 and Firefox ESR 60.7.2 with the fixes of second Zero-day vulnerability which is now actively exploited by hackers in wide to gain the compete for control of the vulnerable system.

Newly patched Zero-day vulnerability that resides in the Firefox 67.0.3 and earlier versions let attackers executing arbitrary code on the user’s computer.

Just two days ago, Mozilla released Firefox 67.0.3 with a patch for another Zero-day vulnerability that affected millions of Firefox users.

Soon after the Mozilla a patch for first zero-day, Tor Browser 8.5.2 released, follow up the same, we may expect the Tor will release another new update soon.

First Zero-day vulnerability that fixed in recent Mozilla update is a type confusion vulnerability which can be triggered when attackers are manipulating JavaScript objects in Firefox.

Newly patched second Zero-day in Firefox 67.0.4 is a sandbox escape vulnerability that allows an attacker to execute the malicious code remotely and gain complete control of the system where users installed an unpatched version of Firefox browser.

“Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. Mozilla reported in its security update.

Since cybercriminals actively exploiting this vulnerability in wide, its a real emergency update from Firefox. So users urged to update the Firefox 67.0.4 immediately.

The Zero-day flaw tracked as CVE-2019-11708 and the users can install the new update via following links or direct Firefox download page.

Follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep your self-updated.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

CefSharp Enumeration Tool Identifies Critical Security Issues in .NET Desktop Applications

Cybersecurity researchers and red teamers, a newly released tool named CefEnum is shedding light on…

1 hour ago

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI)…

1 hour ago

Critical Vulnerability in Netwrix Password Manager Enables Authenticated Remote Code Execution

A critical security vulnerability has been discovered in Netwrix Password Secure, a widely used enterprise…

1 hour ago

Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware

Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in…

3 hours ago

Researchers Warn of ‘Smiao Network’ Cyber Threat Against Taiwan’s Federal Staff

The Foundation for Defense of Democracies (FDD) and cybersecurity firm TeamT5 has exposed an intricate…

3 hours ago

Vidar and StealC Malware Delivered Through Viral TikTok Videos by Hackers

A sophisticated social engineering campaign that leverages the viral power of TikTok to distribute dangerous…

3 hours ago