Mozilla today released an emergency patch for Firefox that fixes a critical security vulnerability. Critical vulnerabilities allow an attacker to execute malcious code on the victim’s computer without requiring user interaction.
Today’s vulnerability is described by Mozilla as, “Redirection from an HTTP connection to a data: URL assigns the referring site’s origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them”. The issue only affects Firefox 49 and 50.
The patch brings Firefox’s version number to 50.0.1.
Besides the vulnerability, also an issue with the input of certain Chinese characters was fixed. Updating to Firefox 50.0.1 will go automatically through the browser’s automatic update feature.