Firefox 67.0.3 fixes 0-day vulnerability
Mozilla released a new update for the Firefox web browser, Firefox 67.0.3, on June 19, 2019 to address a 0-day vulnerability in the browser. A new Firefox ESR, Extended Support Release, version is also available that brings it to Firefox ESR 60.7.1.
Firefox 67.0.3 is a security release for the Stable channel of the web browser. Firefox users may run a manual check for updates to update the browser to the new version; this is done by selecting Menu > Help > About Firefox.
Firefox checks if an update is available to download and install it if that is the case.
The release notes are available but they don't reveal much; the only issue that is fixed in the release is the security issue. A link points to Mozilla's Security Advisories website. ZDnet's Catalin Cimpanu has some insights on the security issue.
The vulnerability was reported by Samuel Groß, a member of Google's Project Zero security team, and Coinbase Security.
Mozilla describes the issue in the following way:
Mozilla is aware of targeted attacks that exploit the issue but did not provide specifics. It seems likely that the attacks are related to cryptocurrency because of the involvement of Coinbase Security.
Firefox users and admins are encouraged to update the web browser as soon as possible to address the security issue in the browser.
Firefox 67.0.3 is the third stable release of the web browser after the release of Firefox 67.0. Firefox 67.0.1 and Firefox 67.0.2 were smaller bug fix releases; none patched security issues in Firefox though.Advertisement