If you are a Firefox user, it is time to update your browser without delay: a zero-day vulnerability has recently been discovered in the browser and is being actively exploited in targeted attacks.
The security flaw was revealed through Google's Project Zero and affects all versions of Firefox. The good news is that a patch has been available since June 18 in Firefox 67.0.3 and Firefox ESR 60.7.1.
Mozilla strongly recommends that users upgrade.
About the security flaw
In a security bulletin, Mozilla engineers gave some explanation of the nature of the flaw.
Aside from the short description posted on the Mozilla site, there are no other details about this security vulnerability or attacks in progress.
After a request for additional details, they mentioned that the bug could be exploited for remote code execution (RCE), but that this would require a separate sandbox escape to run code in an underlying subsystem.
"However, it is likely that it can also be exploited for cross-scripting, which may be sufficient depending on the attacker's goals," they added.
Cross-site scripting (shortened to XSS) is a type of website security flaw that allows content to be injected into a page, causing actions in the web browsers that visit the page.
For example, it is possible to redirect users to another site for phishing or to steal a session by retrieving cookies.
They also say that they currently have no details about how this zero-day flaw was used in the browser, and that Coinbase Security could know more about the discovered attacks.
"I have no idea about the part related to active exploitation. I found and reported the bug on April 15," said a Google security researcher.
However, given the other entity that reported the security hole (Coinbase Security), some might assume that it was exploited during attacks on cryptocurrency owners.
To update to the fixed version of the browser, or to install it if you do not have it, follow the instructions below.
Users of Ubuntu, Linux Mint or another Ubuntu derivative can install or update to this new version with the help of the browser's PPA.
This can be added to the system by opening a terminal and executing the following command in it:
sudo add-apt-repository ppa:ubuntu-mozilla-security/ppa -y && sudo apt-get update
Once this is done, install with:
sudo apt install firefox
In the case of Arch Linux users and derivatives, just run in a terminal:
sudo pacman -Syu
Or, to install it:
sudo pacman -S firefox
Users of all other Linux distributions can download the binary packages from the following link.
Another way to update the browser to the latest version is to open the browser and click the question mark in the menu bar.
There, select "About Firefox"; this automatically starts the download and installation of the new version.
The fixed releases are Firefox 67.0.3 and Firefox ESR 60.7.1, in which the critical vulnerability (CVE-2019-11707) has been fixed.
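To confirm after updating that a machine is on a fixed build, the following added example (not from Mozilla or the original article) parses the string that firefox --version prints and compares it with the two fixed releases named in this article. The function names and sample strings are constructed for illustration, and it assumes that any later version also carries the fix; a build without the "esr" suffix is compared against 67.0.3.

```shell
#!/bin/sh
# Added example: classify a Firefox version string against the releases
# this article names as fixed for CVE-2019-11707.
FIXED_RELEASE="67.0.3"   # regular channel, from the article
FIXED_ESR="60.7.1"       # ESR channel, from the article

# version_ge A B: succeed when dotted version A >= B, compared numerically
# field by field (so 67.0.10 > 67.0.3); missing fields count as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# firefox_status "<version string>": prints patched, vulnerable or unknown.
firefox_status() {
    # Extract the numeric part, e.g. "60.7.1" from "Mozilla Firefox 60.7.1esr".
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^Mozilla Firefox \([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    # ESR builds carry an "esr" suffix and have their own fixed version.
    # Assumption: anything without the suffix is judged against 67.0.3,
    # which errs on the side of reporting "vulnerable".
    case $1 in
        *esr*) fixed=$FIXED_ESR ;;
        *)     fixed=$FIXED_RELEASE ;;
    esac
    if version_ge "$ver" "$fixed"; then echo patched; else echo vulnerable; fi
}

# Constructed sample strings in the format `firefox --version` prints.
for s in "Mozilla Firefox 67.0.2" "Mozilla Firefox 67.0.3" \
         "Mozilla Firefox 60.7.0esr" "Mozilla Firefox 60.7.1esr"; do
    printf '%-28s %s\n' "$s" "$(firefox_status "$s")"
done
# On a real host: firefox_status "$(firefox --version)"
```

A running browser keeps executing the old binary until it is restarted, so run the check and then restart Firefox.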