The latest zero-day vulnerability has been indexed as CVE-2019-17026. Mozilla has confirmed through a security advisory that the flaw has been fixed in Firefox 72.0.1 as well as Firefox ESR 68.4.1.
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw,” the company noted while describing the vulnerability in its advisory.
Mozilla has credited Qihoo 360 for reporting the flaw. However, further clarity on its impact hasn't been provided.
The vulnerability was categorised as a type confusion, which is potentially a critical error that could impact data processing. It is unclear that how it has been leveraged by attackers, though.
As reported by Catalin Cimpanu of ZDNet, Qihoo 360 Core highlighted that in addition to the flaw existed in Firefox, a zero-day vulnerability is affecting Internet Explorer. The Chinese firm, however, reportedly deleted the details revealing the issue within Microsoft's Web browser after briefing posting them on Twitter.
Mozilla in June last year fixed two zero-day vulnerability issues that impacted Coinbase employees and Mac users involved in cryptocurrency exchange. The vulnerabilities were indexed as CVE-2019-11707 and CVE-2019-11708.
Users are advised to download the latest Firefox version to avoid any security issues. The browser can be updated by going through Help > About Firefox.