Firefox 66 has arrived just 4 days ago and an update is now available. Firefox 66.0.1 arrives to fix two bugs found in Pwn2Own, a type of contest in which participants have to find vulnerabilities and exploit them. The good thing about these activities is that, first, the participants can demonstrate their skills, which can open many doors for them and, second, that companies discover bugs that they had not taken into account or did not know existed in their software.
The two faults found have been classified as "serious" by Mozilla itself and recommends that all users update as soon as possible. In the APT repositories, v66 is already available but, taking into account how long it took to arrive, we can think that we will be able to download the new v66.0.1 sometime next Monday. As a curiosity, the browser's most up-to-date snap package Mozilla's version is Firefox 65.0.2-1, which seems to mean that developers are in no rush to upload an updated snap package because they can be updated via push from within the application itself.
Firefox 66.0.1 fixes two serious bugs, according to Mozilla
Firefox 66.0.1 fixes The falls CVE-2019-9810 and CVE-2019-9813 found by Richard Zhu, Amat Cama, and Niklas Baumstark through Trend Micro's Zero Day Initiative. The CVE-2019-9810 is a buffer overload problem and a limit check failure absent in Firefox 66 due to incorrect alias information in the IonMonkey JIT compiler for the Array.prototype.slice method. On the other hand, the CVE-2019-9813 describes a write confusion problem that is also present in IonMonkey JIT, more specifically in its code. This vulnerability allowed an attacker to handwrite arbitrary memory due to mishandling of__proto_mutations.
Windows and macOS users can update directly from Firefox, from Help or from the warning that should appear on the screen as soon as they open it. Linux users can do the same if we have the snap version of Firefox installed. If this is not the case, and I do not do it because I notice different Firefox, we can download the binaries and copy them to the Firefox folder to use the latest version. I personally wouldn't recommend it, so the best thing is to wait, maybe 48 hours, until Firefox 66.0.1 is available in the repositories officers.
Are you worried about these two bugs that Firefox 66.0.1 fixes?