During the hacking competition Pwn2Own, two major events were presented vulnerabilities in the recent version of Firefox, Firefox 66. This led Mozilla to the release of a new one patch to address security issues.
Last week, Mozilla released Firefox version 66.0. However, 2-3 days, the 66.0.1 version is available to address the two vulnerabilities, CVE-2019-9810 and CVE-2019-9813. The vulnerabilities became known by Richard Zhu, Amat Cama and Niklas Baumstark.
Η Mozilla gave some information about the two vulnerabilities. CVE-2019-9810 allows cache overflow attack and causes a problem in bounds checking due to incorrect information in JMIT IonMonkey for the Array.prototype.slice method.
CVE-2019-9813 vulnerability causes a problem with the IonMonkey JIT code, which allows hackers to access memory.
Given the situation, all users will have to install the Firefox 66.0.1 update, according to Mozilla. The company described the two vulnerabilities as "critical" and advised users to act quickly.
The update is already available on platforms Windows and MacOS via OTA (over-the-air) updates.
Mozilla is on the lookout for other security issues in the new version. However, it has already begun preparing for the Firefox 67.0 series, which will be available in May.