It's now available for GNU/Linux, macOS, and Windows

Mar 23, 2019 10:00 GMT

Mozilla released the first point release of its latest Firefox 66 web browser to address two critical security vulnerabilities exposed during the Pwn2Own hacking contest.

Firefox 66.0.1 is now available, just a few days after the release of Firefox 66.0 earlier this week, to patch CVE-2019-9810 and CVE-2019-9813, two security vulnerabilities reported by Richard Zhu, Amat Cama, and Niklas Baumstark via Trend Micro's Zero Day Initiative.

According to the security advisory published by Mozilla on March 22nd, CVE-2019-9810 describes incorrect alias information in the IonMonkey JIT compiler for the Array.prototype.slice method, resulting in a missing bounds check and a buffer overflow in the Firefox 66.0 release.

CVE-2019-9813, meanwhile, describes a "type confusion" issue in the IonMonkey JIT code, also affecting the Firefox 66.0 release, that is caused by incorrect handling of __proto__ mutations and may let attackers read and write arbitrary memory.

Users are urged to update to Firefox 66.0.1

Mozilla marked both issues as critical and recommended that all Firefox users update to the Firefox 66.0.1 point release as soon as possible. Firefox 66.0.1 is already rolling out to Windows and macOS platforms via OTA (Over-the-Air) updates.

GNU/Linux users will have to install Firefox 66.0.1 from the stable software repositories of their favorite distributions or download the binary packages from our free software portal. Arch Linux and other rolling-release distributions have already pushed Firefox 66.0.1 to their repositories.

Mozilla is currently working on the Firefox 67.0 series, due for release in mid-May 2019, but it will release new maintenance updates to Firefox 66 if other security vulnerabilities are discovered or other bugs need to be fixed. Meanwhile, make sure you update to Firefox 66.0.1.