Just one day after releasing Firefox 72, Mozilla updated the browser with a fix to shut down active attacks, the company acknowledged.
On Wednesday, Mozilla issued Firefox 72.0.1, which included one change: a patch for the vulnerability identified as CVE-2019-17026. "We are aware of targeted attacks in the wild abusing this flaw," Mozilla said in the short description of the flaw, signaling that criminals were already leveraging the zero-day vulnerability, the term applied because no time elapses between patching and exploitation.
Mozilla rated the vulnerability as "Critical," the most serious rating in its multi-step ranking system. To manually update the browser, users can select Help > About Firefox on Windows or Firefox > About Firefox on macOS. The resulting page shows that the browser is either up to date or describes the refresh process.
Wednesday's update was the first aimed at a zero-day vulnerability in Firefox since June, when Mozilla patched another critical type confusion flaw.