A day after releasing version 72, Firefox version 72.0.1 patches a major zero-day bug

Written 5 months ago by IanDorfman

Merely a day after Mozilla released its major version 72 update for the Firefox web browser, a new patch has been released in order to patch a zero-day vulnerability that could allow malicious actors to take control of users' computers.

The vulnerability, called CVE-2019-17026, was discovered by Qihoo 360. It is an exploit that allows for data to be read and written from normally off limits locations in system memory. This can result in crashes or the placement and execution of malicious code.

Users of both the stable release and Extended Support Release of Small Mozilla Firefox iconMozilla Firefox on all supported platforms are highly recommended to update as soon as possible. This can be done easily by going into the "About Firefox" section of the Windows version and the Firefox portion of the top menu of the macOS version.

Further coverage:
Mozilla Security Advisory
CISA
Ars Technica