Mozilla has released new versions of the Firefox browser, Firefox 67.0.3 and Firefox ESR 60.7.1, to patch a critical zero-day vulnerability that attackers are exploiting in the wild.
The flaw was discovered by Samuel Groß, a cybersecurity researcher at Google Project Zero, who states that the vulnerability could permit attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions and take total control of them.
The vulnerability is tracked as CVE-2019-11707 and affects the Firefox browser on desktop (Windows, macOS, and Linux); it does not affect Firefox for Android, iOS, and Amazon Fire TV.
The flaw primarily leads to Universal Cross-site Scripting (UXSS) attacks, but combined with a sandbox escape issue, it would let attackers execute arbitrary code remotely on a targeted system.
Firefox usually installs the latest updates automatically and activates the new version after a restart, but Mozilla has advised users to ensure that they are running Firefox 67.0.3 or Firefox ESR (Extended Support Release) 60.7.1 or later.