Firefox is updated for the second time in a week to fix security flaws

Firefox Danger

Security update week. X-buntu users, as a server, should have already applied some kernel updates that Canonical released earlier this week. On the other hand, Mozilla released version v67.0.3 from their browser to fix a critical security flaw that they told us they knew had been exploiting. Yesterday the same company released Firefox 67.0.4, another update that comes solely and exclusively to correct security flaws.

What they have discovered this time is very similar to what they discovered the day before: a vulnerability zero day that has been used in targeted attacks against cryptocurrency firms such as Coinbase. Interestingly, Firefox 67 introduced a novelty that promised to make us forget the word "cryptocurrencies", but this vulnerability has caused us to see that word in many articles like this one. We remember that the last big update of the fox browser blocks crypto mining and fingerprinting, although right now it still has to be activated manually (it will do so by default soon).

Firefox discovers a new vulnerability zero day

At the beginning of the week, Mozilla released versions 67.0.3 and 60.7.1 (ESR) of its browser. The new versions are 67.0.4 in its "normal" version and 60.7.2 ESR. The list of new features in this version (s) is very short, since there is only one that is described as "Security Fix". If we agree to the link, we can read the following:

Insufficient verification of parameters passed with request: Open IPC message between child and parent processes can cause the non-sandboxed parent process to open the web content chosen by a compromised child process. When combined with additional vulnerabilities, this could result in the execution of arbitrary code on the user's computer.

Mozilla recommends updating as soon as possible. At the time of writing this article, the update has not reached the official repositories of distributions like Ubuntu, but it will do so in the next few hours.


2 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   benybarba said

    Well, this is a very good thing for me, since Mozilla is looking out for us to give us a quality product.

  2.   anonymous said

    But with which part of the body do they program these in firefox? with the head and using UML it seems that no.
    Things are designed thinking about their use, not about the risks that their forms and methods imply… well we go like this.