The Department of Homeland Security issued a rare warning to users of the popular Firefox browser, telling them to update their browsers immediately due to a recently detected vulnerability that could allow hackers to take control of their entire operating system.
From the [DHS Cybersecurity and Infrastructure Security Agency’s warning]
(Mozilla Patches Critical Vulnerability | CISA)
:
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.
On Wednesday Mozilla, the developer of the Firefox browser, released Firefox 72.0.1 to address the security vulnerability, which allows hackers to run unauthorized code through a webpage, allowing them to gain access to an affected system. The latest version of Firefox had only been out for two days when the vulnerability was discovered. Mozilla, which rated the risk as “critical,” explained:
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.
These are the two most recent security updates from Mozilla (notice the dates are 2020-02 and 2020-03, both this year):
- those are generally used to steal sensitive data intended for other sites.
