The zero-day vulnerability is a bug inside the Mozilla Firefox that is described as a “type confusion vulnerability”. It has been given a critical impact level and it allows the outside users to remotely access and execute the codes on the user’s PC without their permission. Mozilla has spoked about the new bug found in the browser on its security advisory page and asked the users to update their Firefox to the latest version as soon as they can. According to the company, “A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash.” Currently, Mozilla hasn’t revealed the number of users who have affected by this vulnerability but the company did say that there were already a number of instances of the “targeted attacks in the wild abusing this flaw.” So, the users should update their browser to the latest version – Mozilla Firefox 67.0.3 and the Mozilla Firefox ESR 60.7.1.
But it is commendable that the company has found the vulnerability and asked the users to take the safety measures so that they are not prone to any cyber attacks. In addition to this, Mozilla is already pushing out patches and fixes for Firefox with the security update. The company also has the ability to roll out the security update automatically that can update Firefox for the user as soon as he restarts his browser. Prior to this, the company had rolled out new security tools for the Mozilla Firefox web browser. These security tools are capable of preventing some major security and privacy issues of crypto jacking and fingerprinting. These security changes were brought in April 2019, and they included protection against crypto jacking. For those unaware, cryto-jacking uses the user’s PC hardware and electricity to mine crypto currency even without their permission. This process is not just harmful for the PC’s health but it slows down its performance.