Mozilla, the parent company to the popular web browser Firefox, has released patches for an actively exploited security vulnerability which could allow an attacker to remotely execute arbitrary code on vulnerable versions of Firefox. Mozilla stated that Firefox developers are “aware of targeted attacks in the wild abusing this flaw,” which would allow attackers to take control of affected systems. The attackers could potentially trigger the flaw by tricking users into visiting maliciously-crafted web pages and subsequently execute arbitrary code on their systems. This vulnerability was exploited by attackers to attempt to de-anonymize Tor Browser users and collect data that includes IP addresses, Mac addresses, and hostnames. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert on this Zero-day vulnerability.
Analyst Notes
Mozilla has released a new patch, Version 67.0.3, for all platforms. Users are strongly recommended to install this patch as soon as possible to correct this flaw. This new patch can be found through Mozilla’s home page.
