Mozilla released an emergency patch on January 8, 2020, for a zero-day leak in Firefox, which was actively attacked before the update was available.
Through the vulnerability, an attacker can, in the worst case, get full control over the user’s system.
Only visiting a malicious or compromised website is enough. No further user interaction is required. Mozilla was informed about the vulnerability by security company Qihoo 360.
According to the browser developer, the leak in the IonMonkey Just In Time (JIT) compiler of Firefox was used for “targeted attacks.” However, no further details are given, except that the vulnerability allows remote code execution.
Users are advised to update to Firefox 72.0.1 or Firefox ESR 68.4.1. This can be done via the automatic update function or Mozilla.org.
More useful articles for you