Firefox developer Mozilla has rolled out an update to the release channel of its browser app for Android that adds an important security fix. The update to version number 67.0.3 patches the critical zero-day flaw and protects users from potential attacks.
According to the Mozilla Foundation Security Advisory, the vulnerability in question was of the 'type confusion' variety that can occur when manipulating JavaScript and can lead to an exploitable crash. It was surfaced by a Google Project Zero researcher named Samuel Groß and someone from Coinbase Security, plus there were apparently reports of real-world attacks already exploiting the flaw.
An update with the fix is also available for the desktop Firefox app (with the same version number) as well as the Extended Support Release (bringing it up to version 60.7.1). If Firefox on your Android phone hasn't already updated automatically, head to the Play Store and make sure it's updated as soon as you can.
Alternatively, you can grab the latest version from APKMirror.
Via: Ghacks