Firefox has just released a new update. 48 hours after the one that corrected a zero day fault, it corrects a second vulnerability directly related to the first one.
A Google Project Zero security researcher recently detected a critical flaw in Firefox. This allowed malicious code to be executed remotely on the target machines. Mozilla quickly released an update. It was two days ago. Today, the foundation is deploying a second patch, directly related to this flaw.
Firefox is still updating
The first flaw was a remote code injection flaw, going through a very classic phishing process. The victim clicked on a link, the attacker could then install a malware on the machine. The first fix rendered this attack ineffective, but a second similar flaw was discovered.
Fix a new zero day fault
According to Mozilla, this is a sandbox escape flaw, opening the door to the victim’s operating system. The malicious code could escape from the isolated space allocated to access the rest of the machine. This new patch makes this impossible.
If Mozilla is working hard to provide a secure browser to its users, these flaws show that zero risk does not exist but the foundation is still very responsive. If you are not yet in version 67.0.4, update yourself without delay, your machine will say thank you!
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.