Mozilla has recently released Firefox 67.0.4 to fix a security vulnerability that is used to targeted attacks against cryptocurrency firms such as Coinbase. Users of Firefox are requested to immediately install mozilla Firefox 67.0.4
This week, Mozilla released Firefox 67.0.3 to fix a critical remote code execution vulnerability that was being used in targeted attacks. Since its release, it was discovered that the vulnerability and another unknown one was chained together as part of a phishing attack to drop and execute malicious payloads on user’s machines.
This vulnerability is a sandbox escape vulnerability reported by Coinbase Security that allows attackers to escape from the browser’s protective sandbox. Chaining this vulnerability with the previously one fixed in Firefox 67.0.3 allows attackers to perform remote code execution on vulnerable computers.
HOW TO UPDATE:
Users can manually check for new updates by going to the Firefox menu -> Help -> About Firefox. Firefox will then automatically check for a new update and install it.