Critical vulnerabilities have been discovered in the Mozilla Firefox web browser and Firefox Extended Support Release (ESR), and a high-severity bug has been reported for Google Chrome, all of which could allow for arbitrary code execution.
Users with operating systems that allow for greater privileges (e.g., administrator privileges) are at the highest risk for vulnerabilities. According to MS-ISAC, the Center for Internet Security, “an attacker could then install programs; view, change or delete data; or create new accounts with full user rights."
The critical Firefox vulnerability is listed as CVE-2019-11764. Review the complete list of the vulnerabilities patched in the latest Firefox update.
The highest severity Chrome vulnerability is listed as CVE-2019-13699. Review the complete list of the vulnerabilities patched in the latest Chrome update.
Read more about the vulnerabilities in this article.
We have not received reports of exploits in the wild. Please advise all users of Chrome prior to the current Chrome 78.0.3904.70 release, as well as users currently on Firefox 69 and Firefox ESR 68.1 to update their software immediately.