Firefox Critical Zero Day Flaw being exploited now

It’s recommended to upgrade to 67.0.3 ASAP BUT I’m also seeing 67.0.4 in the Mozilla downloads site
Also 60.7.2 ESR is also available in the Downloads…
Any ETA on Fixlets please?

5 Likes

I echo Pete’s request.
We received the “CISA - National Cyber Awareness System” notification on the 18th.
Then the next day the zero day details were in the press.

I would like to close down this vulnerability on our endpoints via an update to 67.0.3 or higher.

Please can we have this very soon or quicker.

3 Likes

I am waiting for this as well. Will be watching.

2 Likes

We are also eagerly waiting for the fixlets to be released

2 Likes

I’m not in dev but am in AVP and just got word it was published. This is now out in Updates for Windows Applications site 1285. Announcement forthcoming but wanted to give you all a heads up.

6 Likes

@dmccalla Thanks Duncan. I’m seeing 67.0.4 on Mozilla’s download site which would tend to indicate a bug or another security patch for 67.0.3

60.7.2esr also now available

The release notes are now available too

https://www.mozilla.org/en-US/firefox/67.0.4/releasenotes/

Ugh. :slight_smile: I just let the team know.

4 Likes

Expected turnaround ~24 hours or less than that? Just debating on pushing the 67.0.3 ASAP or waiting for 67.0.4 and just pushing that if it’s expected in relatively short turnaround.

1 Like

I would push 67.0.3 if I were you, because it resolves a known zero day with active exploits. 67.0.4, while addressing a High vulnerability security vulnerability, is not as critical.

4 Likes

The second flaw fixed in 67.0.4 was chained from the flaw in 0.3 according to Bleeping Computer, so yes… push 0.3 but if 0.4 is hot on its tail, get 0.4 out ASAP

4 Likes

@dmccalla , Duncan, Please pass on my thanks to the team for dealing with this in a timely manner.

2 Likes