Firefox Zero-Day Vulnerability

Systems Affected

  • Firefox
  • Firefox ESR

Threat Level


Overview

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild.[1]


A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.[2] The vulnerability, identified as CVE-2019-11707, affects anyone who uses Firefox on desktop (Windows, macOS, and Linux); Firefox for Android, iOS, and Amazon Fire TV are not affected.


The vulnerability could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions and take full control of them.


Mozilla has released Firefox 67.0.3 and Firefox ESR 60.7.1 to patch the vulnerability. Apply the necessary updates and ensure you are running Firefox 67.0.3 or Firefox ESR (Extended Support Release) 60.7.1, or later.
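A fleet inventory check against the two fixed versions named above, as an added example that is not part of the original advisory. The host names and version strings are constructed, and the input format (the string printed by `firefox --version`, with an `esr` suffix on ESR builds) is an assumption.

```python
import re

# Fixed versions stated in the advisory above.
FIXED_RELEASE = (67, 0, 3)
FIXED_ESR = (60, 7, 1)

# Assumed input format: "Mozilla Firefox 67.0.2" or "60.7.0esr".
_VERSION_RE = re.compile(
    r"^(?:Mozilla Firefox\s+)?(\d+)\.(\d+)(?:\.(\d+))?(esr)?$", re.IGNORECASE
)


def classify(version_string):
    """Return 'patched', 'needs_update' or 'unknown' for one version string."""
    match = _VERSION_RE.match(version_string.strip())
    if match is None:
        # Betas, nightlies and unparseable strings are flagged for manual
        # review rather than silently treated as safe.
        return "unknown"
    major, minor, patch, esr = match.groups()
    version = (int(major), int(minor), int(patch or 0))
    # ESR and regular release builds have different fixed versions.
    fixed = FIXED_ESR if esr else FIXED_RELEASE
    return "patched" if version >= fixed else "needs_update"


def audit(inventory):
    """Map each (host, version_string) pair to its classification."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("ws-001", "Mozilla Firefox 67.0.3"),
    ("ws-002", "Mozilla Firefox 67.0.2"),
    ("ws-003", "Mozilla Firefox 60.7.1esr"),
    ("ws-004", "Mozilla Firefox 60.7.0esr"),
    ("ws-005", "Mozilla Firefox 60.7.1"),   # non-ESR build below 67.0.3
    ("ws-006", "Mozilla Firefox 68.0b3"),   # beta: not covered by the advisory
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since the advisory only names fixed versions for the release and ESR channels.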


[1] [2] [3]


The information provided herein is on an “as is” basis, without warranty of any kind.