HomeWinBuzzer NewsEven Homeland Security Thinks You Should Update Firefox

Even Homeland Security Thinks You Should Update Firefox

Firefox 72.0 contains a critical vulnerability that has been exploited in the wild to gain control of user's PCs. The bug lets malicious JavaScript code run outside of the browser.

-

Mozilla has patched a critical vulnerability in its browser that has drawn the attention of US Homeland Security. The zero-day exploit was discovered by Qihoo 360, and has its roots in 's just-in-time compiler, which is used to speed up JavaScript performance.

According to the advisory, incorrect alias information could lead to type confusion, which attackers can exploit to attack users. In fact, Mozilla says its discovered instances of this being in the wild, which makes updating even more critical.

“Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system,” said Homeland Security's CISA. “The Cybersecurity and Infrastructure Security Agency encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.”

To gain control of a computer, an attacker would simply have to convince a user to access a website with malicious JavaScript. The bug lets the script run outside of the browser, possibly without the user noticing.

Users should check their Firefox version immediately and ensure their version number is higher than 72.0. Thankfully, the vulnerability was found 2 days after 72's release, but it'll undoubtedly take a while for all users to apply the fix. You can do so By opening the hamburger menu and heading to Help>About Firefox>Restart to Update Firefox.

Updated or not, you should always keep an eye out for suspicious links. Don't click any from senders you don't trust, and even then ensure they're been arranged in advance. This isn't the first time Firefox has run into issues, nor Chrome or Edge, for that matter.

ViaTNW
SourceCISA
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News