Mozilla announced a new critical vulnerability that was actively exploited in the wild; the good news is that as soon as they published the vulnerability, they released a patched version. All you need to do is check which version you have installed: if it is not version 72.0.1 or Firefox ESR version 68.4.1, look for the corresponding latest version mentioned.
The bug appears to be 8 years old. It's yet another failure of the open-source Just-In-Time (JIT) compilation code Firefox relies on. If exploited, it could allow attackers to execute code on machines running the vulnerable version of Firefox.
How it works
A type confusion vulnerability is a specific kind of bug that can lead to out-of-bounds memory access and to code execution or component crashes that an attacker can exploit. The attack can be leveraged by luring a Firefox user with an outdated browser to a web page containing malicious code.
This security patch comes a day after Firefox 72.0 was released with fixes for another 11 security vulnerabilities. Of the five high-severity vulnerabilities addressed, four could potentially be used by attackers for arbitrary code execution.
Firefox is not a bad browser; it needs some sanitization. In this version, they are offering fingerprinting protection. Fingerprinting allows companies to track users for months, even after users clear their browser storage or use private browsing mode. Also, last year they launched a feature called Enhanced Tracking Protection, or ETP for short, which gives you more privacy by blocking certain cookies that track your browsing.
Firefox comes with automatic updates enabled by default; when an update is available, it should be applied after a restart. However, it is better to be safe and always check manually for the update by going to Menu > Help > About Mozilla Firefox.