Firefox 67.0.3 fixes 0-day vulnerability

Martin Brinkmann
Jun 19, 2019

Mozilla released Firefox 67.0.3, a new update for the Firefox web browser, on June 19, 2019 to address a 0-day vulnerability in the browser. A new Firefox ESR (Extended Support Release) version, Firefox ESR 60.7.1, is also available.

Firefox 67.0.3 is a security release for the Stable channel of the web browser. Firefox users may run a manual check for updates to update the browser to the new version; this is done by selecting Menu > Help > About Firefox.

Firefox checks whether an update is available and, if that is the case, downloads and installs it.

The new version of the web browser is also already available as a download on the Mozilla website. Firefox ESR downloads are provided on a download page for organizations.

The release notes are available but they don't reveal much; the only issue fixed in the release is the security issue. A link points to Mozilla's Security Advisories website. ZDNet's Catalin Cimpanu has some insights on the security issue.

The vulnerability was reported by Samuel Groß, a member of Google's Project Zero security team, and Coinbase Security.

Mozilla describes the issue in the following way:

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.

Mozilla is aware of targeted attacks that exploit the issue but did not provide specifics. It seems likely that the attacks are related to cryptocurrency because of the involvement of Coinbase Security.

Firefox users and admins are encouraged to update the web browser as soon as possible to address the security issue in the browser.
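
For admins who need to confirm the update across many machines, the following added example (not from Mozilla or the original article) classifies version strings, as printed by `firefox --version` or collected in an inventory, against the fixed versions 67.0.3 and ESR 60.7.1 named above. It assumes ESR builds carry the "esr" suffix; the hostnames and the sample inventory are constructed.

```python
import re

# Fixed versions named in the article above.
FIXED_RELEASE = (67, 0, 3)
FIXED_ESR = (60, 7, 1)

# Matches "67.0.3", "60.7.1esr", or the full "Mozilla Firefox 67.0.2" line
# printed by `firefox --version`. Pre-release strings such as "68.0b12"
# are deliberately not matched and end up in the "unknown" bucket.
_VERSION_RE = re.compile(r"(?:^|\s)(\d+)\.(\d+)(?:\.(\d+))?(esr)?\s*$")


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if unparseable."""
    match = _VERSION_RE.search(text.strip())
    if not match:
        return None
    major, minor, patch, esr = match.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def update_status(text):
    """Classify one version string as 'fixed', 'needs-update' or 'unknown'.

    Versions are compared as integer tuples, not strings, so that
    "100.0" correctly sorts above "67.0.3".
    Assumption: a string without the "esr" suffix is a release-channel
    build and is measured against 67.0.3.
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, is_esr = parsed
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    return "fixed" if version >= fixed else "needs-update"


def audit(inventory):
    """Group hostnames by update status."""
    report = {"fixed": [], "needs-update": [], "unknown": []}
    for host, version_text in inventory:
        report[update_status(version_text)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 67.0.3"),
    ("ws-02", "Mozilla Firefox 67.0.2"),
    ("ws-03", "60.7.1esr"),
    ("ws-04", "Mozilla Firefox 60.7.0esr"),
    ("ws-05", "67.0"),
    ("ws-06", "68.0b12"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket need a manual look rather than being counted as updated.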

Firefox 67.0.3 is the third stable release of the web browser after the release of Firefox 67.0. Firefox 67.0.1 and Firefox 67.0.2 were smaller bug fix releases; none patched security issues in Firefox though.


Comments

  1. Tom Hawack said on June 20, 2019 at 12:59 pm

    And now… 67.0.4
    “Resurrection Shuffle” as sung by Tom Jones.

    1. EP said on June 21, 2019 at 10:58 pm
  2. NX said on June 20, 2019 at 8:58 am

    67.0.4 is out today. The release notes are yet to be online.

    1. Jody Thornton said on June 20, 2019 at 7:38 pm

      Thanks NX – also ESR is now at v60.7.2 :)

    2. Martin Brinkmann said on June 20, 2019 at 9:03 am

      Thanks, will keep an eye out for this one.

  3. Jason said on June 19, 2019 at 9:30 am

    It’s still broken, I have constant issues signing into google, facebook and youtube, and even when I do there’s tons of glitches and it fails to open certain parts.

    1. Tom Hawack said on June 19, 2019 at 2:18 pm

      @Jason, @Iron Heart, Firefox, correctly configured, works perfectly. I’ve *never* encountered issues and that goes back to Firefox 2.x all the way up to latest 67.0.3.

      Before accusing software, maybe it is worth trying to find out what is wrong within our environment.
      When many users report similar issues then, and then only, may we start considering the culprit elsewhere than in our own incompetence.

      @Jason, maybe if you detailed those issues we could come up with something more constructive than a simple complaint.

      1. Iron Heart said on June 20, 2019 at 9:22 am

        @Tom Hawack

        “our own incompetence.”

        Yeah, sure. The truth is that no website admin tests his or her site anymore for a fringe browser like Firefox. Its combined desktop + mobile market share is below 5%. Why should anyone waste time on it? Websites are tested against Chromium and Safari these days, and that’s it. And honestly? Taking some unnecessary working hours away from developers is not a bad thing. The situation these days can’t be compared with the Internet Explorer days, even if some people like to draw that comparison all the time. Chromium is open source, so if one dislikes Google’s decision making, one can just fork it and move on, like Brave did. I have no major problem with Chromium domination.

        Firefox is pointless. Its default configuration is as privacy-hostile as Chrome’s, and as I said, it increasingly doesn’t work, because no website admin wastes time on it anymore. Why shouldn’t I choose a Chromium browser that actually works and is more privacy-respecting, like Brave.

        Tom, you like to tinker with the interface extensively, because that’s a hobby of yours and you have the time as a pensioner (no disrespect meant, just saying how I perceive it), but most people view their browser as a simple tool for their work that needs to be as problem-free as possible. And if you don’t like to tinker with the interface extensively, then Brave is better than Firefox in every respect.

        Just my 2 cents.

      2. Nelson C. said on June 21, 2019 at 10:25 am

        The minute Firefox ceases to exist, I really doubt Google would keep its commitment for the Chromium open-source project. This is like the Cold War and the USSR era: the fear of communism was the biggest incentive for Western elites to alleviate poverty in house.
        I really do not agree with your trashing of Firefox; it has always worked for me better than Chromium. But even if you were right, you miss the main point, that the survival and thriving of this software is fundamental for our freedom, rights and privacy as internet users.

      3. Tom Hawack said on June 20, 2019 at 1:19 pm

        @Iron Heart, a browser as it is, out of the box : we can, we should and we do criticize browsers as well as any application/software. That’s fine, healthy when done honestly and with competence.

        From there on if a user encounters issues it is either because there is a true issue (reported by many users), either because he/she has an inadequate device environment, either because he/she has modified settings (other than those inherent to the application’s settings), mainly those about:config values, also sometimes because of extension conflicts, in such a way that chaos is the result and that applications when confronted to chaotic settings happen to yell.

        Out of the box a browser, an app works (if the user’s environment is OK). So what I meant was that issues reported by users, when not confirmed by others, are always the result of an incompetence. I’m not pointing my finger to incompetence, I am myself incompetent in many areas computing included, but I dislike this behavior which is to accuse an application as soon as we encounter an issue.

        Regarding Firefox as any other browser, the debate when honest is great. Let us compare, emphasize on strong and weak points, no problem. But there is a general trend to bashing and even honest minds often fail to remain always consistent, coherent, logical, lucid, intellectually honest. In all areas, not only within technology. And this is what gets on my nerves.

        Concerning little old me, I do tweak when possible applications I’m fond of, be it the GUI be it the inner settings. But when I encounter an issue my first reaction is to ask myself where have I goofed, not what is wrong with the application. Don’t worry I have many, many faults, shortcomings, but not that one, should it be for the sole reason of efficiency, morality aside.

      4. Iron Heart said on June 20, 2019 at 7:27 pm

        @Tom Hawack

        Tom, Tom… I fear you still don’t get what I meant to say. I have a more than capable environment, and sometimes Firefox fails to render properly with no setting being changed, no add-on whatsoever installed. When you develop websites, you have to test with a clean slate anyway, to avoid many of the errors on the user side you mention. I know that; I am not stupid.

        The point I am trying to make and which you either don’t understand or choose to ignore is the following: Firefox’s rendering engine Gecko itself is the problem. Due to the low market share, no web developer wastes time on Firefox anymore. If a website works OK on Chrome / Chromium and Safari, fine. Testing done. Firefox isn’t that important anymore, it has lost more than 2/3 of its users to Chrome already. And so did Internet Explorer.

        You are a talker, but in the end you say very little. That’s great when you are a poet (Or is it? Even poets have narratives and messages after all…), but it’s bad when you comment under tech-related articles, especially when you judge the knowledge of others without knowing them.

        It’s a fact that even the head of Mozilla marketing uses Chrome according to this link:

        https://andreasgal.com/2017/05/25/chrome-won/

        “If even Eric–who heads Mozilla’s marketing team–uses Chrome every day as he mentioned in the first sentence, it’s not surprising that almost 65% of desktop users are doing the same.”

        Seems like you believe more in Firefox than the guys at Mozilla themselves do. Congratulations. It’s because you are in the tiny minority that likes to tinker with the interface – and that’s OK, anybody has hobbies, it’s just that you shouldn’t pretend that others should care just because you like to tinker with stuff.

        And last but not least – as for “honest debate”: It is you who constantly misrepresents or even evades my points. I take issue with Firefox’s core engine, Gecko, which becomes increasingly irrelevant, not with some isolated setting or extension which I don’t use anyway because I have to test Firefox as is. I fail to see where my argument is “dishonest” – the problem is that you are unable or unwilling to understand my point.

        Hardly anybody uses Firefox, therefore no web admin attention, therefore website breakage. No changed settings or extensions needed to break it.

      5. owl said on June 21, 2019 at 3:15 pm

        @Iron Heart,
        https://andreasgal.com/2017/05/25/chrome-won/
        Hardly anybody uses Firefox, therefore no web admin attention, therefore website breakage. No changed settings or extensions needed to break it.

        Your opinion is not fair.
        The quoted information is old and there is a divergence from the present two years later.
        It is just a “favorite quote” that matches your claim.
        In the current share analysis, Google and Firefox are in competition, and Chromium (non-Google) combined is far less than Firefox’s share.

        https://andreasgal.com/2017/05/25/chrome-won/
        Chrome won
        Posted on May 25, 2017 by Andreas
        This post is more than two years old information.

        The author (Andreas), two months later
        Firefox marketshare revisited
        Posted on July 19, 2017
        https://andreasgal.com/
        What about Mozilla?
        Mozilla helped the Web win but Firefox is now losing an unwinnable marketing fight against Google. This does not mean Firefox is not a great browser. Firefox is losing despite being a great browser, and getting better all the time. Firefox is simply the victim of Google’s need to increase profit in a relatively stagnant market. And it’s also important to note that while Firefox Desktop is probably headed for extinction over the next couple years, today it’s still a product used by some 90 million people, and still generating significant revenue for Mozilla for some time.
        While I no longer work for Mozilla and no longer have insight into their future plans, I firmly believe that the decline of Firefox won’t necessarily mean the decline of Mozilla. There is a lot of important work beyond Firefox that Mozilla can do and is doing for the Web. Mozilla’s Rust programming language has crossed into the mainstream and is growing steadily and Rust might become Mozilla’s second most lasting contribution to the world.

        The latest analysis of “statcounter” that he relied on data:
        https://statcounter.com/demo/reports/?range=2019-06-01–2019-06-21

        On the other hand, such analysis is also:
        https://amiunique.org/stats
        Firefox 40.9%
        https://amiunique.org/about

      6. Iron Heart said on June 22, 2019 at 7:58 am

        @owl

        I have never heard of that dubious Amiunique site which claims that Firefox has supposedly 40.9% market share. That directly contradicts the widely respected Statcounter figures, which see Firefox at around 5.07% as of May 2019:

        – http://gs.statcounter.com/browser-market-share#

        Netmarketshare, another respected institute, sees Firefox at around 9.59% (desktop only, mobile excluded):

        – https://netmarketshare.com/?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Trend%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22browser%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22browsersDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222018-06%22%2C%22dateEnd%22%3A%222019-05%22%2C%22segments%22%3A%22-1000%22%7D

        Those are the market share figures which are usually being discussed, and which gHacks also cited:

        – https://www.ghacks.net/2018/06/04/firefox-dropped-below-the-10-share-value-on-netmarketshare/

        So no, Firefox most certainly doesn‘t have 40.9% market share. That‘s a fantasy figure not even Mozilla would claim.

        And what Andreas Gal had to say doesn‘t contradict any of my points really. He says that Firefox is losing against Google, and that Mozilla is now developing a programming language next to Firefox which might (assumption) become a success. Where does he say that Mozilla has 40.9% market share again? Oh wait, he doesn‘t:

        „Eric mentioned in the blog post that Firefox added users last year. The relative Firefox market share declined from 16% to 14.85% during that period.“

        And that was in May 2017, when the article was written. Needless to say, Firefox‘s market share is lower now. Seems like Andreas Gal trusts the Statcounter figures more than he does your dubious numbers, seeing how he cited Statcounter figures in his article:

        https://andreasgal.com/2017/05/25/chrome-won/

        Seems like you just went out of your way to find a „favorite quote“ to throw at me, the very thing you accuse me of doing. Epic fail.

      7. Tom Hawack said on June 21, 2019 at 9:43 am

        @Iron Heart, let’s not make our dialog personal in which case I could gather many of your comments proposing to users mentioning a Firefox issue to move on to another browser, not to mention your condescending remarks about Ghacks-user.js and its maintainer, Pants, not to mention your latest answer above to Jason, “Use Brave or Ungoogled Chromium. Both are more privacy-respecting than Firefox, and both actually work.” as if Firefox “didn’t work” when in fact it does. Making things personal doesn’t get us anywhere.

        I understand your opinion about Firefox. But that concerns the browser, overall. That’s another debate and I do approve some of your remarks, mainly about privacy, but seems to me your condemnation is harsh and partial.

        What I meant and mean to say here, and Jason’s comment triggered my reaction, is about Firefox issues, not about the core of the browser’s architecture. And I repeat that out of the box issues are not encountered and that, when they are, it is in a wide majority of the cases, the fault of the user which has played irresponsibly with settings, or who has OS level problems, unless the issue is reported by many and factually obvious and recognized as such. As I already stated I’ve been using Firefox ever since versions 2.x and never encountered the problems stated by some users when these were not in fact true and recognized then fixed by Mozilla… and I’m no expert.

        I’m a fan of nothing, I hate fan attitudes. I just happen to use a browser practically ever since it was deployed and have never encountered problems mentioned here and there by users who too quickly, IMO, blame Firefox. I may very well, one day or another should Firefox deceive me, move on to another default browser (Brave and Basilisk are my potential alternatives right now) but until then I maintain that Firefox is the best browser available (and not only because I’d be a simple mind too happy to be able to tweak its interface). That’s my opinion and an opinion shared by many, even if the masses run after fashion attitudes, those of bashing Mozilla and adoring Google.

        I read you with attention, don’t worry. But don’t consider that having a different opinion means not understanding an opponent’s opinion. Again, the browser is one thing and blaming it as soon as an issue is encountered is another.

      8. Iron Heart said on June 21, 2019 at 3:58 pm

        @Tom Hawack

        Just how did I make this “personal”!? By telling you that you are a pensioner whose hobby is to tinker with Firefox? I learned that from your own comments, and it isn’t even an insult.

        As for Pants and the gHacks-user.js: I don’t see how it is useful to desperately try to fix a product that is far removed from privacy-respecting, and gets worse by the day. Pants comes across as a passenger of the Titanic trying to fix the gaping holes on deck, telling the other passengers not to worry and that all is fine, while the captain (Mozilla) rams the ice berg in a suicide attempt, at full speed. Do I have to take such a project seriously? I don’t think so. The smarter approach would be to switch to a privacy-respecting browser and call it a day, but much like you, Pants likes to tinker with stuff, and will thus remain on the sinking ship. If you find my attitude towards this project condescending, so be it. I don’t care. I will call projects out which I don’t find useful, although I don’t want to needlessly hurt anyone’s feelings of course.

        You answered to my comment with a largely unrelated post, stating that some setting must have been changed or some extension installed, and that this would be the reason for Firefox not working at all. That wasn’t the case here, and you only came up with this because Firefox, also known as the holy grail of browsers, does in fact work on the sites you use. And since it works for you, it has to be my fault when it doesn’t work for me. Wow. Weird comment, which could have been reduced to two or three sentences. Yet you come up with a text wall, indirectly accusing me of being too stupid to use the browser… Laughable.

        And no, Firefox isn’t the best browser available. It claims to care about privacy, yet isn’t privacy-respecting at all, and isn’t nearly as compatible with the web as Chromium is. You can still tinker with its interface, and that’s about the only advantage it has over Chromium. It used to be less resource-hungry, but this isn’t the case anymore either.

        And you are not understanding why Chrome rose to be the dominant browser at all, if you think it was just a “fashion attitude”. Part of the reason was Google’s dominance of the web and them heavily advertising Chrome, of course, but part of the reason also was that Google developers did a damn good job optimizing the browser – it was much faster than Firefox and Internet Explorer when it first released, and it still is. Also, Google implemented very good developer tools in Chrome, while the Mozilla developers, in a mixture of laziness and incompetence, failed to answer the calls of web developers for better dev tools, hence why many started to develop in Chrome because it was so much better. Chrome quickly had many web devs behind it for that reason. I don’t expect you know this, since you are only having the user perspective and don’t care about dev tools. But saying that Mozilla did nothing wrong and that Chrome just represents a “fashion attitude” is extremely ignorant and shows a severe lack of knowledge on your part.

        And again, please let go of the attitude “It can’t be Firefox, it has to be an error on your end, which you committed as a result of incompetence.” etc. That’s not at all the case most of the time, and shows a carefully hidden yet strong arrogance on your part. I know Mozilla, I know Bugzilla, I know how their devs do stuff because often enough one has to fix Firefox-related quirks when creating a website. They are clearly less competent than most Chrome devs, seems like Mozilla doesn’t have the larger payroll and thus loses most talent to Google. That’s the only possible explanation really.

      9. Dave said on June 19, 2019 at 6:47 pm

        @Tom, users should not have to “configure” their browser after every update. They shouldn’t have to “configure” it at all. It should just work.

        My kids wanted to play on “Friv” (flash games) last night on the old laptop running windows 7. FF updated to 67.0.3 32bit and now websites have no sound. The browser is bone stock with no “configuration” changes at all.

        Now I have to go figure out WTF FF screwed up.

    2. Iron Heart said on June 19, 2019 at 1:43 pm

      @Jason

      Use Brave or Ungoogled Chromium. Both are more privacy-respecting than Firefox, and both actually work.

  4. Ivor said on June 19, 2019 at 8:17 am

    So I moved to ESR 60.7.1 – now how the eff do I get back my legacy add-ons???

    1. John Fenderson said on June 20, 2019 at 12:44 am

      @Ivor:

      I third the vote for Waterfox. It has not disappointed me.

    2. Iron Heart said on June 19, 2019 at 1:41 pm

      @Ivor

      Waterfox is the answer.

      https://www.waterfox.net/

    3. ULBoom said on June 19, 2019 at 1:32 pm

      You can’t unless you go back to the version that supported them. ESR is a stripped down version of the regular browser based on whichever version it happens to be, v.60 currently.

    4. Yuliya said on June 19, 2019 at 1:03 pm

      You’ll have to use Waterfox if you want legacy addons on “modern” (and I use this term very loosely, as mozilla’s browser can be described as anything but) Firefox.
      And then I think the addons might still need some slight modifications, but I can’t be sure. Still, DownThemAll works fine on Waterfox — I wonder if uB0 XUL would work on it, as that version is superior to the WE one.

      1. rickmv said on June 19, 2019 at 9:21 pm

        “uBO is already better equipped than Chromium’s version of uBO (and also better equipped than the Firefox legacy version).”

        From the man himself: gorhill

    5. Tamris said on June 19, 2019 at 12:44 pm

      It never supported XUL addons though.
