Firefox emergency update patches active zero-day exploit

Given how regularly browser makers like Google and Mozilla release new versions of their software, a sudden new release is almost surprising. Firefox 67.0.3, however, is no simple minor release. Users are urged to make sure they're running this latest version of the browser because while it seems to fix just one thing, it is a critical security fix that could cause users headaches or maybe even lost cryptocurrencies.

Mozilla's terse and short language almost downplays the effects of this security bug. It simply talks about a Javascript type confusion vulnerability that could cause a crash. What it says next, however, is perhaps more worrying.

Mozilla says that they are aware of the exploit being actively used in the wild. Often, security updates like this claim that there are no known exploits being used in the real world. This time it's the opposite.

What the bulletin suggests is that simply visiting specially crafted websites can cause Firefox to crash. It doesn't go beyond that and doesn't suggest any form of data intrusion. The bug was reported by Samuel GroƟ of Coinbase Security, suggesting it might also be related to cryptocurrencies.

Regardless of the actual exploit, users are urged to update to Firefox version 67.0.3 or Firefox ESR 60.7.1. So far, no widespread reports of crashes or exploit have surfaced and almost all parties involved have remained silent.