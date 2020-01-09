

Mozilla has released a new version of Firefox that fixes an actively exploited zero-day that could allow attackers to take control of users’ computers.

In an advisory, Mozilla rated the vulnerability as critical and said it was “aware that targeted attacks in the wild take advantage of this bug”. The US Cybersecurity and Infrastructure Security Agency said one or more exploits had been “discovered in the wild” and warned that attacks could be used to “take control of an affected system”. The Mozilla advisory confirmed that researchers at China-based Qihoo 360 had reported the bug.

Further details on the attacks were not immediately available. Neither Mozilla nor Qihoo 360 immediately replied to emails asking for more information.

CVE-2019-17026 is a type confusion vulnerability, a potentially critical error that can cause data to be written to or read from memory locations that are normally off-limits. These out-of-bounds reads may allow attackers to discover the memory locations where malicious code is stored, bypassing protections such as address space layout randomization. Out-of-bounds reads can also crash computers.

The issue was fixed in the version of Firefox 72 released on Tuesday, which also fixed eleven other vulnerabilities, six of which were rated high. In three cases, attackers could run malicious code on affected computers.

The patch for CVE-2019-17026 comes seven months after Mozilla patched two major zero-days that attackers had used to install an undiscovered backdoor on Macs used by cryptocurrency exchange Coinbase.

While details of the new exploits are not available, Firefox users should install the patch as soon as possible. The easiest way to do this is to update from within the browser, which is done by clicking “About Firefox”. On Windows, it is in the Help section of the menu. On Macs, it’s in the Firefox section of the menu.