The U.S. Department of Homeland Security is urging everyone who uses Mozilla Firefox as their intnet browser to update it immediately.
Potential attackers can exploit an old vulnerability in previous versions of the internet browser, the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said a statement on Friday.
“Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild,” according to the CISA statement.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 72.0.1 and Firefox ESR 68.4.1 and Thunderbird 68.4.1 and apply the necessary updates.”
Mozilla said in a statement that there have already been attacks exploiting the technical vulnerability.
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw,” Mozilla said in a statement reported by MacRumors.
Chinese company Qihoo 360 first discovered the flaw two days after the release of Firefox 72, but there is no word on how long the bug has been exploited, according to TechCrunch.
Firefox is not a default browser on the majority of devices, but its a very popular browser and thus the critical nature of the vulnerability has the possibility of great impact.
The types of vulnerability found in the Firefox 72 release are often used in to deliver malware or ransomware, a type of malware where the hacker threatens to publish the victim’s data unless a ransom is paid.
For Mac users, launch Firefox and click “About.” Then click “Firefox” and click the “Restart to update Firefox” button.
For PC users, there are two possible ways to update Firefox. Launch Firefox and either go under “Options” and click “Firefox Updates” or click on “Options” then click “Advanced.” Next click “Update” to update Firefox.
In May 2019, Mozilla required users to update Firefox after there were multiple failures with browser extensions.