If You Use Firefox, Install This Critical 0-Day Security Patch Right Now

Red Panda
Mozilla is pushing out an incremental update to its Firefox browser to mitigate a critical security vulnerability. If left unpatched, the zero day threat could allow an attacker to gain full control of PC. Indeed, Mozilla is aware of malicious actors leveraging the flaw in the wild, so if you use Firefox, it is in your best interest to update right away.

"Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw," Mozilla stated in a security document.

A type confusion attack consists of accessing data in memory that is supposed be out of bounds. This could lead to a crash, or much worse. In this case, malicious actors are taking advantage of a bug in Firefox's IonMonkey JavaScrip Just-in-Time (JIT) compiler, which is supposed to improve performance by running JavaScript code found in websites directly in the browser.

It's not clear to what extent the flaw is being leveraged in the wild, as Mozilla only offered up a curt statement on the matter. However, anyone who uses Firefox should go ahead and apply the latest update. This might require going through the update process multiple times.

How To Update Firefox To Protect Against The Latest Zero Day Threat

Firefox 72.0.1 Update
The zero day threat is addressed in Firefox 72.0.1. Incidentally, Mozilla just recently updated Firefox to version 72, which itself fixes nearly a dozen vulnerabilities. So, even if you normally stay up to date, you might be a couple of steps behind already.

That was the case for me, as I was running Firefox 71.0 (64-bit) when this zero day threat came to light. Fortunately, updating to the latest build is easy. Just follow these steps...
  • Click on the three horizontal bars in the upper-right corner
  • Navigate to Help > About Firefox
  • Click the Restart to update Firefox button when prompted
Firefox will automatically shutdown and start back up, with your tabs intact. However, if you are writing in a CMS or something of the such, save your content before doing this.

Depending on which version of Firefox you are running, you may need to do this more than once. Since I was running Firefox 71.0, the first update sequence updated the browser to version 72.0, and then I had to go through the same steps a second time to grab the 72.0.1 patch (which initiated another restart of the browser).