Mozilla has patched a zero-day exploit in late revisions to Firefox 72 and version 68 of the Android web browser. In a security advisory, the company said that it was made aware of "targeted attacks in the wild abusing this flaw."

The vulnerability lies in IonMonkey, Firefox's JavaScript just-in-time (JIT) compiler, at the point where it receives data and recognizes it as a certain type for processing. Malicious actors would be able to manipulate the type of data at this stage, which could lead to code execution. This is known as type confusion.

Chinese security firm Qihoo 360 was credited with reporting the bug. ZDNet reports that the company tweeted about the attack and noted that it also affected Internet Explorer. The tweet was later deleted.

Firefox users are advised to update to desktop version 72.0.1 and mobile version 68.4.1 as soon as possible. You can download the Android version through APK Mirror.

Two other zero-day type confusion vulnerabilities in Firefox were exploited back in June in a coordinated assault against the staff of cryptocurrency exchange Coinbase.

Source: Mozilla

Via: ZDNet