Mozilla has patched a critical zero-day bug in Firefox that affects desktops. The vulnerability could allow bad guys to take control of a user’s computer. Mozilla says it was already aware of targeted attacks, and so it fixed the bug immediately. The flaw was fixed via a patch via Firefox 72.0.1.
Mozilla also said that attacks can be used to “take control of an affected system” and gave Qihoo 360 credit for discovering the flaw. While Mozilla acknowledged the bug, as you might imagine, Mozilla and Qihoo have so far both been tight-lipped about the details.
iPhone Hacks explains how the vulnerability works:
The vulnerability is said to target a JavaScript JIO compiler which is a primary Firefox component that handles JavaScript operations. Furthermore, the vulnerability apparently falls under the category of type confusion. The memory bug is when data gets allocated as a particular type and changes to another type. This causes undesirable changes in the data processing. Meanwhile, it will also allow attackers to zero in on memory locations with stored malicious codes.
Mozilla has been staying busy fixing Firefox bugs lately, as they have recently fixed 11 bugs that included six high-rated ones. Some of the bugs could allow attackers to take control of your computer.
To install the patch, go to “About Firefox” and use the in-browser update feature.