The new version of the Mozilla browser, Firefox 67.0.3, is already reaching all users as one more update. If we already have version 67 of the browser installed, we will automatically receive the patch while using the browser, and it will be installed as soon as it is closed and reopened.
This update came as an emergency patch for all users of version 67 (and ESR 60) to fix a critical vulnerability of the newly discovered 0-day browser, a flaw that allows an attacker to take control of any computer that uses this browser and from which we must protect ourselves as soon as possible.
This new security flaw has been considered critical both by Mozilla and the security researcher who found it, Samuel Groß, member of Google Project Zero and the security department of Coinbase.
This vulnerability has been registered as CVE-2019-5786 and affects all Firefox users, both Windows and MacOS and Linux, in 32 and 64 bits, even those that used the latest version until then, Firefox 67.0.2. In addition, this security flaw was being exploited in a massive way by the Internet, which increases the importance of updating browsers as soon as possible. At first, this security failure seems not to affect Android or iOS.
As Mozilla explains, the failure is due to a type of confusion when manipulating JavaScript objects inside the Array.pop, causing an error in the system that can be exploited with other tools to execute code in memory or install software without user interaction.
If users want to force the download manually, simply open the menu ” Options> Help> About Firefox ” to check the version we have. If this is not 67.0.3, the update will be downloaded automatically, it will be installed and we will be protected.