If you’re using Mozilla’s browser on your Mac, you’ll want to Update Firefox now. It’s not just the developer urging you to do so: a vulnerability found in older versions is so critical that the Department of Homeland Security has issued an advisory too…
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.
Mozilla itself says that this isn’t just a theoretical risk.
We are aware of targeted attacks in the wild abusing this flaw.
Past attacks based on zero-day vulnerabilities in Firefox have targeted cryptocurrency owners.
This is the third zero-day exploit Mozilla has patched in a year. Last June, one such attack, which was also described as a “type confusion vulnerability,” apparently targeted Coinbase users. A second flaw was patched a few days later. According to ZDNet, the zero-days were used by a hacking group in an attempt to infect Coinbase staff via a spear-fishing email containing links to malicious sites.
The version you want is Firefox 72.0.1 (or ESR 68.4.1 for some enterprise users). To check, go to the Help menu on the right side of the menu bar and select About. If it hasn’t already auto-updated, there will be an option to update from there. You’ll need to restart Firefox to complete the installation.
The iOS version of Firefox is unaffected as that is just a wrapper around Apple’s WebKit browser engine. This means that no matter which browser you use on an iPhone or iPad, it’s really just Safari under the hood.
FTC: We use income earning auto affiliate links. More.