06-20-2019, 11:40 AM
Critical Firefox vulnerability fixed in 67.0.3
<div><p>On Friday, Mozilla <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/">issued a security advisory for Firefox</a>, the default web browser in Fedora. This advisory concerns a CVE for a vulnerability based on type confusion that can happen when JavaScript objects are being manipulated. It can be used to crash your browser. There are apparently already attacks in the wild that exploit the issue. Read on for more information, and how to protect your system against this flaw.</p>
<p> <span id="more-28432"></span> </p>
<p>At the same time the security vulnerability was issued, <a href="https://www.mozilla.org/en-US/firefox/67.0.3/releasenotes/">Mozilla also released Firefox 67.0.3</a> (and ESR 60.7.1) to fix the issue.</p>
<h2>Updating Firefox in Fedora</h2>
<p>Firefox 67.0.3 (with the security fixes) has already been pushed to the stable Fedora repositories. The security fix will be applied to your system with your next update. You can also update the <i>firefox</i> package only by running the following command:</p>
<pre class="wp-block-preformatted">$ sudo dnf update firefox</pre>
<p>This command requires you to have <a href="https://fedoramagazine.org/howto-use-sudo/">sudo</a> setup. Note that not every Fedora mirrors syncs at the same rate. Community sites graciously donate space and bandwidth these mirrors to carry Fedora content. You may need to try again later if your selected mirror is still awaiting the latest update.</p>
</div>
<div><p>On Friday, Mozilla <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/">issued a security advisory for Firefox</a>, the default web browser in Fedora. This advisory concerns a CVE for a vulnerability based on type confusion that can happen when JavaScript objects are being manipulated. It can be used to crash your browser. There are apparently already attacks in the wild that exploit the issue. Read on for more information, and how to protect your system against this flaw.</p>
<p> <span id="more-28432"></span> </p>
<p>At the same time the security vulnerability was issued, <a href="https://www.mozilla.org/en-US/firefox/67.0.3/releasenotes/">Mozilla also released Firefox 67.0.3</a> (and ESR 60.7.1) to fix the issue.</p>
<h2>Updating Firefox in Fedora</h2>
<p>Firefox 67.0.3 (with the security fixes) has already been pushed to the stable Fedora repositories. The security fix will be applied to your system with your next update. You can also update the <i>firefox</i> package only by running the following command:</p>
<pre class="wp-block-preformatted">$ sudo dnf update firefox</pre>
<p>This command requires you to have <a href="https://fedoramagazine.org/howto-use-sudo/">sudo</a> setup. Note that not every Fedora mirrors syncs at the same rate. Community sites graciously donate space and bandwidth these mirrors to carry Fedora content. You may need to try again later if your selected mirror is still awaiting the latest update.</p>
</div>