Mozilla, the maker of Firefox web browser, has issued a warning to its users and asked them to update their web browser after the company rolled out an advisory briefing about a critical vulnerability. The advisory was issued on Tuesday (June 18) and it provides information about the security vulnerabilities that have been fixed in Firefox 67.0.3 and Firefox ESR 60.7.1.
The Mozilla post further read “We are aware of targeted attacks in the wild abusing this flaw.” The company has marked the update as ‘critical’. Apart from this small description, there are no details about this security flaw or the systems which have been affected by this so far. According to reports, the bug is critical since it allows outside users to remotely execute code on your machine without your permission.
The bug was reported by Samuel Groß, who is reportedly a security researcher with Google Project Zero and Coinbase Security.
The vulnerability is of a high magnitude so much so that even the US-Computer Emergency Readiness Team (US-CERT) has issued an advisory in this regard.
According to US-CERT advisory, an attacker can exploit the vulnerability to take control of an affected system. “This vulnerability was detected in exploits in the wild.” the advisory read.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.” the US-CERT said in its advisory.