Mozilla released Firefox 67.0.4 and Firefox ESR 60.7.2 with the fixes of second Zero-day vulnerability which is now actively exploited by hackers in wide to gain the compete for control of the vulnerable system.
Newly patched Zero-day vulnerability that resides in the Firefox 67.0.3 and earlier versions let attackers executing arbitrary code on the user’s computer.
Just two days ago, Mozilla released Firefox 67.0.3 with a patch for another Zero-day vulnerability that affected millions of Firefox users.
Soon after the Mozilla a patch for first zero-day, Tor Browser 8.5.2 released, follow up the same, we may expect the Tor will release another new update soon.
Newly patched second Zero-day in Firefox 67.0.4 is a sandbox escape vulnerability that allows an attacker to execute the malicious code remotely and gain complete control of the system where users installed an unpatched version of Firefox browser.
“Insufficient vetting of parameters passed with the
Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. Mozilla reported in its security update.
Since cybercriminals actively exploiting this vulnerability in wide, its a real emergency update from Firefox. So users urged to update the Firefox 67.0.4 immediately.