Update Firefox now, because the Department of Homeland Security is telling you to

A recent release of Firefox had a bug severe enough, that the US government is telling everyone to update to guarantee online safety.

Mozilla has issued an update to its Firefox browser that fixes a critical security issue that could allow attackers to take control of affected computers. The issue has previously not been reported, but according to the Department of Homeland Security, it was already being exploited in attacks.

To update Firefox, users can open the browser, click on the Firefox menu, then on About Firefox. This will start the update.

Alternatively, users can visit the official site to download Firefox.

"Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR," wrote the US Department's Cyber-Infrastructure (CISA) division in a statement. "An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild."

"[The CISA] encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates," it concludes.

Choosing "About Firefox" will either start the update or, as here, show you when the latest one has been successfully installed

Firefox ESR is the version of the browser built for enterprise customers.

Mozilla's advisory for both this and the regular Firefox edition repeats the information that "we are aware of targeted attacks in the wild abusing this flaw."

In May 2019, Mozilla also required users to update Firefox following multiple failures with browser extensions.

30 Comments

ihatescreennames 1971 comments · 19 Years

About 4 years ago

Yeah, update now! Because having a "critical security issue that could allow attackers to take control of affected computers" that was previously unreported sounds like a great selling point. Yeesh.

Maybe delete Firefox and switch to a different browser.

Soli 9981 comments · 9 Years

About 4 years ago

ihatescreennames said:

Yeah, update now! Because having a "critical security issue that could allow attackers to take control of affected computers" that was previously unreported sounds like a great selling point. Yeesh.

Maybe delete Firefox and switch to a different browser.

Whose to say that any other browser doesn't have severe exploits used by those with nefarious intentions? I say just update your browser and access the internet wisely.

Apple has certainly had their share of critical bugs. How many years was Apple's "goto fail" bug present? Any captured SSL traffic could've been read which means for years your secure traffic was as good as plaintext for any person or agency that knew how to read it. That even includes after the fact for rooting through data dumps to peak at private information, which is why (for one) had to go change every password in my password manager after this bug was discovered and patched.

dewme 5737 comments · 10 Years

About 4 years ago

Firefox sure likes to talk the talk when it comes to security. It’s too bad they can’t back up their bravado with real world performance. Yeah, everything that depends on humans is inherently vulnerable to flaws and failures, which is why they should be a little less bold in their claims of providing a secure browsing experience. If they and all other apps that make bold statements about the security were forthright they’d simply state “we’ll try our best” when setting expectations.

Wgkrueger 352 comments · 8 Years

About 4 years ago

ihatescreennames said:

Yeah, update now! Because having a "critical security issue that could allow attackers to take control of affected computers" that was previously unreported sounds like a great selling point. Yeesh.

Maybe delete Firefox and switch to a different browser.

“ Firefox zero-days are pretty rare. The last one was reported in December 2016”

EsquireCats 1268 comments · 8 Years

About 4 years ago

Soli said:

ihatescreennames said:

Yeah, update now! Because having a "critical security issue that could allow attackers to take control of affected computers" that was previously unreported sounds like a great selling point. Yeesh.

Maybe delete Firefox and switch to a different browser.

Whose to say that any other browser doesn't have severe exploits used by those with nefarious intentions? I say just update your browser and access the internet wisely.

Apple has certainly had their share of critical bugs. How many years was Apple's "goto fail" bug present? Any captured SSL traffic could've been read which means for years your secure traffic was as good as plaintext for any person or agency that knew how to read it. That even includes after the fact for rooting through data dumps to peak at private information, which is why (for one) had to go change every password in my password manager after this bug was discovered and patched.

Are you changing all of your passwords now too?