Updated 24th June 2019: Mozilla has released a security bulletin advising of a vulnerability in a version of Firefox

Felix GrantApple, Deployment, General, Security Announcement

Mozilla has released two emergency critical updates for Firefox to patch a zero-day vulnerability that is under active exploitation.

This is patched in Firefox version 67.0.4 and Firefox ESR version 60.7.2. As before, if you’re on our Managed Service platform datajar.mobi, this update has been tested and released to all customers with immediate effect leveraging our Auto-Update framework. In order to expedite the rollout of this patch, we have reset the usual weekly patch cycle and all macOS devices that are powered on with an active network connection should receive this patch within the next 1-2 hours. If you have Firefox open whilst the patch is downloaded, you’ll be prompted to log out to install this as normal.

If you have any problems, concerns or questions, please let us know.

More information on the vulnerability can be found below:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/

https://www.cisecurity.org/advisory/a-vulnerability-in-mozilla-firefox-could-allow-for-arbitrary-code-execution_2019-067/

https://www.zdnet.com/article/mozilla-fixes-second-firefox-zero-day-exploited-in-the-wild/