Mozilla Patches Two Zero-Day Vulnerabilities in Firefox Used to Install Backdoors on Macs, Update Now - MacRumors
Skip to Content

Mozilla Patches Two Zero-Day Vulnerabilities in Firefox Used to Install Backdoors on Macs, Update Now

by

Mozilla has patched two zero-day security vulnerabilities in Firefox that allowed backdoors to be installed on Macs, bypassing Apple's usual XProtect and Gatekeeper protections. Firefox users should update the browser immediately.

firefox quantum
Ars Technica's Dan Goodin:

Mozilla released an update on Tuesday that fixed a code-execution vulnerability in a JavaScript programming method known as Array.pop. On Thursday, Mozilla issued a second patch fixing a privilege-escalation flaw that allowed code to break out of a security sandbox that Firefox uses to prevent untrusted content from interacting with sensitive parts of a computer operating system.

The zero-days were exploited by unnamed hackers this week, but so far, attacks are known only to have targeted Mac users involved in cryptocurrency.


As noted by Mac security expert Patrick Wardle, XProtect and Gatekeeper provided no protection in this case, as they only scan applications that have a quarantine flag set. Fortunately, this may change in macOS Catalina.

Firefox users on Mac should update the web browser to version 67.0.4 as soon as possible to keep themselves protected.

More details can be read at Ars Technica.

Top Rated Comments

___joshuaturner Avatar
92 months ago
Why does this article of rather large importance get stuck in the sidebar blog while articles about Google not making tablets anymore are in the main feed for everyone to see?
Score: 18 Votes (Like | Disagree)
Morod Avatar
92 months ago
THANKS!
Score: 4 Votes (Like | Disagree)
Secondempire Avatar
92 months ago
And if you're using Tor Browser, don't forget to update it to version 8.5.3 (it's based on Firefox)
Score: 3 Votes (Like | Disagree)
92 months ago
I updated yesterday, but still don't use Firefox as my main browser. I am impressed by how much that browser has improved in terms of its elegance and design. It used to feel foreign on the Mac, but now it feels much more native.
Score: 3 Votes (Like | Disagree)
JosephAW Avatar
92 months ago
Official support goes all the way back to Mavericks, what are you running that you can't update?
Mac Pro 1,1. Snow Leopard. :p
Last official macOS is 10.7. Yeah yeah I know you can replace boot file with pikers file but I'd rather run an official OS from Apple. Oh course Windows X 64 bit runs fine.
Score: 2 Votes (Like | Disagree)
thisisnotmyname Avatar
92 months ago
What about macOS version that can't support FF 67? Any ESR updates or does this only effect modern engine?
Official support goes all the way back to Mavericks, what are you running that you can't update?
Score: 2 Votes (Like | Disagree)

Popular Stories

apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Will Expand to These 6 U.S. States

Thursday July 9, 2026 7:29 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. To set up the feature, open the Wallet app on the iPhone and tap on the plus sign in the top-right corner. Next, tap on Driver's License and ID Cards,...
apple silicon 1 feature

Apple Silicon is Taking an Unexpected Turn

Friday July 10, 2026 7:24 am PDT by
Ever since the Mac switched from Intel processors to Apple silicon starting in 2020, each generation of M-series chips has included higher-end Pro and Max variants. If a recent report proves to be accurate, though, that streak will be coming to an end. According to Bloomberg's Mark Gurman, Apple will be releasing a regular M6 chip, but it has no plans to offer higher-end M6 Pro and M6 Max...
iphone 16 teal

'Siri AI' Lawsuit Update: Apple to Pay Owners of These iPhone Models

Thursday July 9, 2026 7:08 am PDT by
In May, Apple agreed to pay $250 million to settle a U.S. class action lawsuit over Siri AI's delayed launch, and eligible iPhone users could receive up to a $95 payout. This week, the California court overseeing the case held a hearing regarding preliminary approval of the settlement, but the judge has not yet issued a ruling. It will likely be at least a few more months before eligible...