If you use Firefox Mozilla as one of your Web Browsers I strongly urge you to run an update. A bug has been found in the software, and while it has been fixed you should make sure that you are running the latest version to ensure that will aid in preventing an exploit.
object to contain a collection of data items.
is a command that they can use to remove the last element of an array.
A type confusion vulnerability happens when a program doesn’t check the type of a data item that is passed to it. It might assume it’s getting a number, for example, when it actually gets a string. If it doesn’t check, then it can mishandle the data item, potentially destabilising its code.
In this case, the effect is catastrophic, the advisory warned:
This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.
Mozilla has fixed the flaw in Firefox version 67.0.3, and in Firefox ESR version 60.7.1. Because people are already exploiting the bug, it’s important that you update to the latest version now.
Firefox automatically checks for updates and installs them, but if you’re worried, you can . To do this, select Help, and About Firefox. This will force it to check for updates and install them. When it has finished, restart the browser.
As part of our team is currently traveling to an event, we are unable to access our Android signing token, therefore the Android release is not yet available. We expect to be able to publish the Android release this weekend.
In the meantime, Android users should use the
levels, the Tor team concluded. Do that by selecting Security Settings in the menu to the right of the URL bar.