We recently released a new Firefox update. Mozilla has released the new version of Firefox 72.0.1, and at the time of writing the changelog.
The new release may come as a surprise to many, as the previous version of Firefox 72.0 was released just a few days ago. Firefox ESR, Extended Release Support specifically aimed at organizations and users who need stability without much change, is also updated to Firefox ESR 68.4.1.
While it is not uncommon for Mozilla to release small updates between large versions of Firefox, it is rare for an update to be released just days after its release.
Firefox 72.0.1 fixes a security vulnerability in the program tours that is currently being exploited in dianetwork according to Mozilla.
The release note lists the security patch as the only change to the new version of Firefox.
Mozilla's Security Advisories hub as you can see in the image above lists only one vulnerability which appears to have been updated in Firefox 72.0.1. The vulnerability has been rated critical, which usesto identify high-impact vulnerabilities.
The description says:
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
Incorrect information in the IonMonkey JIT compiler to set array elements could lead to type confusion. We know they are already being targeted attacks that abuse this flaw.
The vulnerability was reported by Qihoo 360 ATA, and is said to affect the browser's Just in Time Compiler. Since the vulnerability is already being exploited on the internet, Mozilla had to react quickly with the release of a patch.
So the new versions of Firefox, Firefox 72.0.1 and Firefox ESR 68.4.1 are already available. Firefox users can download the latest version from the Mozilla Web site or use the built-in update feature to update their browser.
Firefox 72.0.1 download before official release