Mozilla’s release of Firefox 72 this week was somewhat dampened by the fact that it includes a patch for a 0-day vulnerability in the browser.
“There’s a new Firefox release to try out,” Mozilla’s Chris Mills writes in the announcement post. “Version 72 to be exact.”
Thanks to its new four-week release cycle, Firefox 72 arrives with fewer new features than some previous releases, but it does lessen permission spam and include many new developer features. And if you’re using macOS or Linux, Firefox 72 includes the picture-in-picture (PIP) functionality for videos that debuted in the previous release on Windows.
Unfortunately, Firefox 72 also necessitated a patch for a 0-day flaw in the browser that is being exploited by hackers, so users are warned to upgrade as soon as possible. “We are aware of targeted attacks in the wild abusing this flaw,” a Mozilla security advisory admits. The flaw is present in at least several versions of Firefox, but Mozilla isn’t providing that information.
“Mozilla has released security updates to address a vulnerability in Firefox,” a U.S. Department of Homeland Security warnings explains. “An attacker could exploit this vulnerability to take control of an affected system.”