A recent release of Firefox had a bug severe enough, that the US government is telling everyone to update to guarantee online safety.
Mozilla has issued an update to its Firefox browser that fixes a critical security issue that could allow attackers to take control of affected computers. The issue has previously not been reported, but according to the Department of Homeland Security, it was already being exploited in attacks.
To update Firefox, users can open the browser, click on the Firefox menu, then on About Firefox. This will start the update.
Alternatively, users can visit the official site to download Firefox.
"Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR," wrote the US Department's Cyber-Infrastructure (CISA) division in a statement. "An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild."
"[The CISA] encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates," it concludes.
Firefox ESR is the version of the browser built for enterprise customers.
Mozilla's advisory for both this and the regular Firefox edition repeats the information that "we are aware of targeted attacks in the wild abusing this flaw."
In May 2019, Mozilla also required users to update Firefox following multiple failures with browser extensions.