A recent release of Firefox had a bug severe enough, that the US government is telling everyone to update to guarantee online safety.
Mozilla has issued an update to its Firefox browser that fixes a critical security issue that could allow attackers to take control of affected computers. The issue has previously not been reported, but according to the Department of Homeland Security, it was already being exploited in attacks.
To update Firefox, users can open the browser, click on the Firefox menu, then on About Firefox. This will start the update.
Alternatively, users can visit the official site to download Firefox.
"Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR," wrote the US Department's Cyber-Infrastructure (CISA) division in a statement. "An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild."
"[The CISA] encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates," it concludes.
Firefox ESR is the version of the browser built for enterprise customers.
Mozilla's advisory for both this and the regular Firefox edition repeats the information that "we are aware of targeted attacks in the wild abusing this flaw."
In May 2019, Mozilla also required users to update Firefox following multiple failures with browser extensions.
30 Comments
Yeah, update now! Because having a "critical security issue that could allow attackers to take control of affected computers" that was previously unreported sounds like a great selling point. Yeesh.
Maybe delete Firefox and switch to a different browser.
Firefox sure likes to talk the talk when it comes to security. It’s too bad they can’t back up their bravado with real world performance. Yeah, everything that depends on humans is inherently vulnerable to flaws and failures, which is why they should be a little less bold in their claims of providing a secure browsing experience. If they and all other apps that make bold statements about the security were forthright they’d simply state “we’ll try our best” when setting expectations.