FEBRUARY 2020 PCWorld 37explains (go.pcworld.com/mzxp), “Incorrect
alias information in IonMonkey JIT compiler
for setting array elements could lead to a type
confusion.” That means that an attacker
could exploit the Javascript code
to surreptitiously hack a user’s
PC and install malicious code
outside of Firefox. Mozilla
says it is “aware of targeted
attacks in the wild abusing
this flaw,” but doesn’t give
any information about how
widespread the attacks are.
The Department of Homeland
Security echoed that warning (go.pcworld.
com/exwn) and urged users to “apply the
necessary updates.” The government
regularly tracks malware and vulnerabilities,
but rarely do consumer apps rise to the level
of a cyber alert.
The bug was first detected by
Chinese security company Qihoo
360 just two days after the
initial update was released,
according to TechCrunch.
The vulnerability is patched
in Firefox 72.0.1 and
Firefox Extended Support
Release (ESR) 68.4.1. Firefox
should check for updates
immediately upon launch, but if
you’ve disabled that setting, you can
update your browser in the General tab
inside settings.Firefox users are urged to update their browser as soon as possible.