Firefox fixes a second zero day fault in two days
Firefox has just released a new update. 48 hours after the one that corrected a zero day fault, it corrects a second vulnerability directly related to the first one.
A Google Project Zero security researcher recently detected a critical flaw in Firefox. This allowed malicious code to be executed remotely on the target machines. Mozilla quickly released an update. It was two days ago. Today, the foundation is deploying a second patch, directly related to this flaw.
Firefox is still updating
The first flaw was a remote code injection flaw, going through a very classic phishing process. The victim clicked on a link, the attacker could then install a malware on the machine. The first fix rendered this attack ineffective, but a second similar flaw was discovered.
Fix a new zero day fault
According to Mozilla, this is a sandbox escape flaw, opening the door to the victim’s operating system. The malicious code could escape from the isolated space allocated to access the rest of the machine. This new patch makes this impossible.
If Mozilla is working hard to provide a secure browser to its users, these flaws show that zero risk does not exist but the foundation is still very responsive. If you are not yet in version 67.0.4, update yourself without delay, your machine will say thank you!