Mozilla has rolled out a new version of its Firefox web browser to address a critical zero-day vulnerability that has been abused for targeted attacks.
A warning from the United States’ Cybersecurity and Infrastructure Security Agency (CISA) notes that the flaw could be exploited to take control of an affected system.
Mozilla said that it is “aware of targeted attacks in the wild abusing this flaw”. The vulnerability is tracked as CVE-2019-17026 and affects both Firefox and Firefox ESR, the latter of which is used by large organizations.
The browser’s new versions – Firefox 72.0.1 and Firefox ESR 68.4.1 – are available for all of its supported desktop platforms: Windows, macOS and Linux. Needless to say, users are advised to waste no time in applying the update. To apply it, open the Firefox menu and click Help, then About Firefox. Per Statcounter, Firefox commands a 9-percent desktop browser market share.
A few years back, ESET researchers documented how a then-zero-day vulnerability affecting Firefox was being abused by threat actors.