Firefox security update (72.0.1) fixes Critical vulnerability under attack

Just a day after releasing Firefox 72, the Mozilla Foundation released a new security update 72.0.1 that addresses a critical security vulnerability under active attack.

On Tuesday this week, Mozilla introduced Firefox 72 with built-in browser fingerprinting protections and also fixes for 11 security vulnerabilities.

However, Mozilla released on January 8 a security update 72.0.1 to fix a vulnerability in the IonMonkey JIT compiler (CVE-2019-17026).

“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw,” Mozilla said in the advisory.