Mozilla has pushed-out an urgent update to its hugely-popular Firefox web browser to patch a security flaw that could enable hackers to take control of your computer – letting them trawl through your private documents, change your settings and install dangerous malware. Thankfully, those who use Firefox on a mobile device need not worry – the security flaw only impacts the desktop version of the web browser.
According to Mozilla, the flaw has been exploited in the wild. That means cybercriminals are aware of the compromise and how to use it to their advantage. As such, the threat for those who use Firefox every day isn’t academic, but something they seriously need to protect themselves against.
Those who use Firefox on their desktop machine definitely need to be on alert. It’s worth noting the worrying security flaw is also present in Firefox ESR, which is a separate version of the app designed to be used by system administrators who control multiple users’ machines, including businesses, government, or schools.
The security flaw is patched in the latest version of the Mozilla web browser, Firefox version 72.0.1. The must-have update should be installed automatically the next time you restart your browser, since Mozilla enables automatic updates on its client. These are triggered when you restart the software.
If you’re unsure about which version of Firefox you’re currently running, you’ll need to open the Firefox menu, then tap the Help icon – if you’re unsure, this is a question mark inside a circle. Select About Firefox and a dialogue box with a bevy of different information on the browser should appear, including the version number.
If your Firefox isn’t updating automatically as planned, Mozilla enables users to manually force an update to the latest version of the browser by entering about:preferences#general in the address bar.
Hit enter, then scroll to Firefox Updates and click on Restart To Update Firefox if the option is available in the list. Restart your browser and you should be safe from the threat.
The security flaw in Mozilla Firefox, which is categorised as CVE-2019-17026 by the company, was uncovered by the Chinese internet security firm Qihoo 360. According to Ars Technica, the security flaw is a type of weakness in the code that could result in data being written to – or read from – areas that are normally out of bounds to third-parties. This could allow an sophisticated cybercriminal to run malicious code on your machine.
They could also force the popular Google Chrome rival to crash with a command.
“Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” Mozilla explained on its advisory page about the flaw. “We are aware of targeted attacks in the wild abusing this flaw.”