Mozilla has fixed a high-severity vulnerability in its Firefox browser being actively exploited in the wild. The vulnerability (CVE-2019-11708) is separate from a critical flaw under active attack that was patched earlier this week. Both vulnerabilities were discovered by Coinbase Security, who said that the flaws were being used in active spear phishing attacks targeting Coinbase employees. Mozilla said that Firefox 67.0.4 and Firefox ESR 60.7.2 fix the issue. Tor Browser also updated to version 8.5.2 in response to the bug.
Source: https://threatpost.com/mozilla-fixes-second-actively-exploited-firefox-flaw/145893/

