"Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw," Mozilla stated in a security document.
It's not clear to what extent the flaw is being leveraged in the wild, as Mozilla only offered up a curt statement on the matter. However, anyone who uses Firefox should go ahead and apply the latest update. This might require going through the update process multiple times.
How To Update Firefox To Protect Against The Latest Zero Day Threat
The zero day threat is addressed in Firefox 72.0.1. Incidentally, Mozilla just recently updated Firefox to version 72, which itself fixes nearly a dozen vulnerabilities. So, even if you normally stay up to date, you might be a couple of steps behind already.
That was the case for me, as I was running Firefox 71.0 (64-bit) when this zero day threat came to light. Fortunately, updating to the latest build is easy. Just follow these steps...
- Click on the three horizontal bars in the upper-right corner
- Navigate to Help > About Firefox
- Click the Restart to update Firefox button when prompted
Firefox will automatically shutdown and start back up, with your tabs intact. However, if you are writing in a CMS or something of the such, save your content before doing this.
Depending on which version of Firefox you are running, you may need to do this more than once. Since I was running Firefox 71.0, the first update sequence updated the browser to version 72.0, and then I had to go through the same steps a second time to grab the 72.0.1 patch (which initiated another restart of the browser).