Those using the popular Mozilla Firefox web browser should update immediately, warns a new U.S. Department of Homeland Security alert.
According to the Cybersecurity and Infrastructure Security Agency within DHS, Mozilla last week released security updates to address a vulnerability in Firefox, Firefox ESR and Thunderbird that could allow an attacker to take control of an affected system.
The agency said users and administrators should review Mozilla’s security advisories for Firefox 72.0.1, Firefox ESR 68.4. and Thunderbird 68.4.1.
On Jan. 8, Mozilla announced the update that would fix the security flaws, saying the company was aware of targeted attacks in the wild. The update was labeled as “critical.”
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” the company said. “We are aware of targeted attacks in the wild abusing this flaw.”
Neither the company nor DHS gave further information about exactly how the vulnerability was being exploited in the wild or what groups were doing the attacking.
According to Fast Company, versions for desktop older than the recently patched version are vulnerable to attacks that could let someone take control of an entire operating system, including Windows and Mac.
Chinese security company Qihoo 360 discovered the flaw last week, just two days after Mozilla released Firefox 72, Tech Crunch reported.
How to upgrade Firefox:
- For Windows users: launch the browser and go to Options > Firefox Updates or Options > Advanced > Update to update Firefox
- For mac users: launch the browser and click About > Firefox and click “Restart to update Firefox.”
News of the security flaw and update come as Firefox releases Firefox Voice, a digital assistant like Alexa, Siri or Google Assistant that can help you surf the web using just your voice.
The feature is currently limited to desktop.