The Mozilla team has released earlier today version 67.0.3 of the Firefox browser to address a critical vulnerability that is currently being abused in the wild.
“This can allow for an exploitable crash,” they added. “We are aware of targeted attacks in the wild abusing this flaw.”
Samuel Groß, a security researcher with Google Project Zero security team, and the Coinbase Security team were credited with discovering the Firefox zero-day — tracked as CVE-2019-11707.
Outside of the short description posted on the Mozilla site, there are no other details about this security flaw or the ongoing attacks.
Based on who reported the security flaw, we can safely assume the security flaw was being exploited in attacks aimed at cryptocurrency owners.
Groß did not respond to a request for comment from ZDNet seeking additional details about the attacks.
Firefox zero-days are quite rare. The last time the Mozilla team patched a Firefox zero-day was in December 2016, when they fixed a security flaw that was being abused at the time to expose and de-anonymize users of the privacy-first Tor Browser.
More browser coverage: