PSA: Update Firefox now, says Homeland Security, to block real-life attacks

If you’re using Mozilla’s browser on your Mac, you’ll want to update Firefox now. It’s not just the developer urging you to do so: a vulnerability found in older versions is so critical that the Department of Homeland Security has issued an advisory too…

TNW spotted the advisory by the DHS’s cyber protection division, CISA.

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.

Mozilla itself says that this isn’t just a theoretical risk.

We are aware of targeted attacks in the wild abusing this flaw.

Past attacks based on zero-day vulnerabilities in Firefox have targeted cryptocurrency owners.

This is the third zero-day exploit Mozilla has patched in a year. Last June, one such attack, which was also described as a “type confusion vulnerability,” apparently targeted Coinbase users. A second flaw was patched a few days later. According to ZDNet, the zero-days were used by a hacking group in an attempt to infect Coinbase staff via a spear-phishing email containing links to malicious sites.

The version you want is Firefox 72.0.1 (or ESR 68.4.1 for some enterprise users). To check, go to the Help menu on the right side of the menu bar and select About. If it hasn’t already auto-updated, there will be an option to update from there. You’ll need to restart Firefox to complete the installation.
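For administrators who need to run the same check across several machines, here is an added example (not from the article or from Mozilla) that classifies a version line against the two fixed releases named above. It assumes the line has the form `firefox --version` prints, such as `Mozilla Firefox 72.0.1`, with an `esr` suffix on the ESR channel; the sample lines are constructed.

```shell
#!/bin/sh
# Classify a Firefox version line against the fixed releases named in
# the article: 72.0.1 (release channel) and 68.4.1 (ESR channel).

# version_ge A B: succeed when dotted version A >= B, comparing up to
# three numeric fields; a missing field counts as 0.
version_ge() {
    a=$1 b=$2
    for n in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        # Drop the field just compared; nothing left means empty.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# firefox_status LINE: print "patched", "update-needed" or "unknown".
firefox_status() {
    word=${1##* }                 # last word, e.g. 72.0.1 or 68.4.1esr
    case $word in
        *esr) ver=${word%esr}; min=68.4.1 ;;
        *)    ver=$word;       min=72.0.1 ;;
    esac
    # Anything that is not purely digits and dots (betas, garbage) is
    # reported as unknown rather than guessed at.
    case $ver in
        ''|.*|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_ge "$ver" "$min"; then echo patched; else echo update-needed; fi
}

# Constructed sample lines; on a real machine pass "$(firefox --version)".
for sample in "Mozilla Firefox 72.0.1" "Mozilla Firefox 72.0" \
              "Mozilla Firefox 68.4.1esr" "Mozilla Firefox 68.3.0esr"; do
    printf '%-28s %s\n' "$sample" "$(firefox_status "$sample")"
done
```

The comparison is numeric per field, so an ESR build such as 68.10.0 is correctly treated as newer than 68.4.1, which a plain string comparison would get wrong.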

The iOS version of Firefox is unaffected as that is just a wrapper around Apple’s WebKit browser engine. This means that no matter which browser you use on an iPhone or iPad, it’s really just Safari under the hood.

Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!