Mozilla has rolled out an update to its Firefox browser that patches a critical zero-day security vulnerability.
A zero-day vulnerability is a security flaw that the software vendor is aware of, but for which there is no immediate available fix.
This particular Firefox flaw could potentially let attackers take control of targeted computers.
Chinese cybersecurity firm Qihoo first identified and reported the bug, after which Mozilla published an advisory for the vulnerability in which it labelled the issue as critical.
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” Mozilla stated.
ZDNet describes a type confusion as a type of “memory bug where a memory input is initially allocated as one type but gets switched to another type during manipulation.”
The result could give malicious actors the ability to execute code or crash a compromised system.
Both Mozilla and the US Cybersecurity and Infrastructure Security Agency confirmed that instances of the exploit had been observed in the wild.
No specific details about the exploits were made available, possibly as a measure to decrease the likelihood of further attacks.
The release of Firefox version 72.0.1 fixes the issue.
It is recommended that Firefox users update to the latest version of the browser to prevent falling victim to the exploit.
The latest bug follows two previous Firefox zero-day vulnerabilities, which attackers attempted to exploit to install backdoors on Macs belonging to cryptocurrency exchange Coinbase.