Update Firefox Now to Fix This Zero-Day Vulnerability
Even if you just updated your Firefox desktop browser to version 72 (released on Tuesday), run another update to pull in a special patch that Mozilla released yesterday. The upgrade to version 72.0.1 addresses a zero-day vulnerability that, if exploited, could allow an attacker to “take control of a vulnerable system,” as described by the US Cybersecurity and Infrastructure Security Agency. (A “zero-day vulnerability” means that an attacker discovered the flaw and exploited it before it was fixed, which is how Mozilla learned about the vulnerability.)
While it might be tempting to say you’ll get to it later, Mozilla notes in its own post that “we know of targeted attacks in the wild that abuse this flaw.”
While the chances of any one user being hit are technically slim given how many Firefox users there are around the world, I wouldn’t postpone this update if you’re a big Firefox fan.
As always, all you need to do to update your browser is click the three-line hamburger icon in the upper right corner, and then click Help > About Firefox (for Windows users). If you’re a Mac user, just click Firefox in the menu bar and choose About Firefox.
When you do, you will see the update screen, and you will have to briefly restart your browsing session to apply the update.
You may not even need to go that far. Wait long enough and you’ll get an update popup right in your browser.
Mozilla did not go into details about how attackers used this vulnerability to gain control of systems, but noted that the attack was based on a “type confusion.” In other words, attackers found a way to read or write data in areas of memory that they would not normally be able to access, bypassing the defenses that would normally prevent them from doing so.
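To make the bug class concrete, here is a generic illustration of type confusion next to its fix. It is an added example, not Firefox code and not the flaw Mozilla patched, whose details were not published; the `value` struct and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy dynamically typed value, as a script engine might store one (hypothetical). */
enum tag { TAG_NUMBER, TAG_ARRAY };

struct value {
    enum tag tag;
    union {
        uint64_t number;                  /* raw number chosen by the script */
        struct { uint64_t length; } arr;  /* element count the engine trusts */
    } u;
};

struct value make_number(uint64_t n)
{
    struct value v = { .tag = TAG_NUMBER };
    v.u.number = n;
    return v;
}

struct value make_array(uint64_t length)
{
    struct value v = { .tag = TAG_ARRAY };
    v.u.arr.length = length;
    return v;
}

/* Confused: treats v as an array without looking at its tag. */
int index_allowed_unchecked(struct value v, uint64_t idx)
{
    return idx < v.u.arr.length;  /* for a NUMBER, this reads the number as a length */
}

/* Hardened: confirm the dynamic type before interpreting the payload. */
int index_allowed_checked(struct value v, uint64_t idx)
{
    return v.tag == TAG_ARRAY && idx < v.u.arr.length;
}

int main(void)
{
    struct value num = make_number(UINT64_MAX);  /* constructed script-controlled value */
    printf("unchecked: %d\n", index_allowed_unchecked(num, 1000000));
    printf("checked:   %d\n", index_allowed_checked(num, 1000000));
    return 0;
}
```

The unchecked path accepts an index far outside any real array because the bounds check itself runs on misinterpreted data; the tag check in the hardened version is the defense that the confusion bypasses.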