Firefox affected by critical flaw, update it immediately
The Cybersecurity and Infrastructure Security Agency of the US Department of Homeland Security (DHS) has raised alarms over a critical vulnerability plaguing Mozilla Firefox. The issue, DHS says, affects old versions of Firefox, Firefox ESR, and Thunderbird and is being exploited by threat actors in the real world. Here's all you need to know about it.
While neither Mozilla nor DHS has detailed the browser issue, presumably to prevent widespread attacks, both parties have deemed the flaw 'critical'. The DHS, in particular, has described the vulnerability as one that could be exploited by an attacker to "take control of an affected system". And, once an attacker hacks in, they could do anything, from stealing files to spying.
What makes this case even worse is the fact that attackers are exploiting this vulnerability in the wild, DHS claimed. Mozilla said they are "aware of targeted attacks in the wild abusing this flaw" but the organization didn't specifically say how many users have been targeted or compromised yet. Notably, this is the third zero-day vulnerability that has been actively exploited in 12 months.
As both DHS and Mozilla mentioned in their respective advisories, updating Firefox programs to the latest version as soon as possible is the only way to dodge this vulnerability and protect yourself from active attacks. The main Firefox app needs to be updated to version 72.0.1 while Firefox ESR and Thunderbird both have to be upgraded to version 68.4.1.
To check and update Firefox, head over to the menu bar in the upper right corner and click on Help. Then, click on the 'About Firefox' button to open a pop-up that automatically checks for updates and downloads the latest release. Once the download finishes, simply restart the browser to complete the installation.
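For anyone checking more than one machine, the following added example (not from Mozilla or DHS) compares collected version strings against the fixed releases named above, treating the ESR channel separately so that a patched 68.4.1esr install is not flagged just because it is below 72.0.1. It assumes the strings look like the output of `firefox --version` or `thunderbird --version`, with an `esr` suffix on ESR builds; the host names and sample lines are constructed.

```python
import re

# Fixed versions as stated in the article; keys are (product, is_esr).
FIXED = {
    ("firefox", False): (72, 0, 1),
    ("firefox", True): (68, 4, 1),
    ("thunderbird", False): (68, 4, 1),
}

# Matches e.g. "Mozilla Firefox 68.4.1esr" or "Thunderbird 68.3.0".
VERSION_RE = re.compile(
    r"\b(Firefox|Thunderbird)\s+(\d+(?:\.\d+){0,2})(esr)?\b", re.IGNORECASE)


def parse_version_line(line):
    """Return (product, is_esr, (major, minor, patch)) or None if unrecognised."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    product = m.group(1).lower()
    parts = tuple(int(p) for p in m.group(2).split("."))
    parts += (0,) * (3 - len(parts))  # "71.0" -> (71, 0, 0)
    return product, bool(m.group(3)), parts


def needs_update(line):
    """True if below the fixed release, False if not, None if unparseable."""
    parsed = parse_version_line(line)
    if parsed is None:
        return None
    product, is_esr, version = parsed
    # Only Firefox has a separate ESR entry in the table above.
    fixed = FIXED[(product, is_esr and product == "firefox")]
    return version < fixed


# Constructed sample inventory (host, version output); not real data.
SAMPLE = [
    ("ws-01", "Mozilla Firefox 72.0.1"),
    ("ws-02", "Mozilla Firefox 71.0"),
    ("ws-03", "Mozilla Firefox 68.4.1esr"),
    ("ws-04", "Mozilla Firefox 68.3.0esr"),
    ("ws-05", "Thunderbird 68.4.0"),
]


def hosts_needing_update(inventory):
    return [host for host, line in inventory if needs_update(line)]


if __name__ == "__main__":
    print(hosts_needing_update(SAMPLE))
```

Lines that do not parse return None rather than False, so an unreadable inventory entry is not mistaken for a patched one.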